Zero Day Attack: Twitter Confirms Zero-Day Used to Expose Data of 5.4M Accounts

The Unknown Threats to Your Data 

According to BleepingComputer, “Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users’ accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.”  

A zero-day attack occurs when an attacker exploits a vulnerability that the developer does not yet know exists, in order to steal data or damage a system. It is called a “zero-day” because the victim has zero days to prepare for it: the attack can happen suddenly and with no warning.

In this breach, the vulnerability allowed anyone to submit an email address or phone number, verify whether it was associated with a Twitter account, and retrieve that account’s unique ID. The threat actor then used this ID to scrape the account’s public information, which allowed them to create profiles for 5.4 million Twitter users, including data like phone numbers, email addresses, and scraped public information.
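
The lookup flaw described above, reduced to a minimal added example (not Twitter's code or API, and not part of the original article): a handler that maps an email address or phone number to an account ID for any caller, next to a hardened variant that answers identically unless the caller is already signed in as the owner. The account store, function names and response shapes are all constructed for illustration.

```python
"""Added illustration: an identifier-lookup oracle and a hardened variant.
All names and data are constructed; this is not Twitter's code or API."""

# Constructed sample account store: identifier -> account ID.
ACCOUNTS = {
    "alice@example.com": 1001,
    "+15550100": 1002,
}


def lookup_leaky(identifier):
    """Flawed pattern: any caller learns whether the identifier is
    registered, and which account ID it belongs to."""
    account_id = ACCOUNTS.get(identifier)
    if account_id is None:
        return {"status": 404, "body": {"error": "no such user"}}
    return {"status": 200, "body": {"account_id": account_id}}


def lookup_hardened(identifier, session_account_id=None):
    """Hardened pattern: the response is identical for registered and
    unregistered identifiers unless the caller is already signed in as
    the account that owns the identifier."""
    account_id = ACCOUNTS.get(identifier)
    if account_id is not None and account_id == session_account_id:
        return {"status": 200, "body": {"account_id": account_id}}
    return {"status": 200, "body": {"message": "request received"}}


def is_oracle(handler, known, unknown):
    """Regression check: True if an anonymous caller can tell a registered
    identifier from an unregistered one by comparing responses."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    known, unknown = "alice@example.com", "nobody@example.com"
    print("leaky handler is an oracle:   ", is_oracle(lookup_leaky, known, unknown))
    print("hardened handler is an oracle:", is_oracle(lookup_hardened, known, unknown))
```

A check like `is_oracle` belongs in the test suite of any endpoint that accepts an email address or phone number, so a later change that reintroduces a distinguishable response fails the build.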

While no passwords were exposed in this breach, Twitter is encouraging users to use 2-factor authentication (2FA) on their accounts to prevent unauthorized logins. 

BleepingComputer said, “as two different threat actors have already purchased this data, users should be on the lookout for targeted-spear phishing campaigns utilizing this data to steal your Twitter login credentials.”  

The Importance of Endpoint Verification 

Traditional security is unable to protect your organization’s valuable data against these constant vulnerabilities. Modern zero-day attacks include attacks at the operating system (OS) level, such as privilege-escalation attacks, compromised credentials, and malicious or rogue applications that can capture your information. It is essential to verify each endpoint connection and to secure data inside the application.

When developing an application, ensuring that your firm’s sensitive data is accessible only to authorized endpoints is essential for data protection, and Eclypses MTE technology can help with that.

Contact us to learn more, [email protected].