
What Has Happened?

In August, Twitter came forward and admitted a vulnerability had been exploited by a third party to obtain user data. This vulnerability had been present since June 2021 and was only patched in January 2022.

Twitter confirmed the attack after reports of the breach began circulating; it was confirmed that 5.4 million users’ data had been maliciously collected and was up for sale for $30,000 on hacking forums.

Cybersecurity expert Chad Loder reported on Twitter last week that he had been informed of a massive Twitter data breach. Loder has confirmed that this vulnerability has most likely been exploited by multiple threat groups. “It appears that one threat actor exploited the vulnerability to obtain information on 5.4 million Twitter accounts, but others obtained even more records.” Loder claims that “there appear to be tens of millions of impacted accounts, perhaps over 100 million”.

Recently (November 24th 2022), the database of 5.4 million accounts was made available on a popular hacking forum for free.

Information Exposed

These records contain either a private email address or phone number, and public scraped data, including the account’s Twitter ID, name, screen name, verified status, location, URL, description, follower count, account creation date, friends count, favourites count, statuses count, and profile image URLs.

The Current State of Twitter

Since Elon Musk acquired Twitter, the service has been rather unpredictable, with many changes being made. The world’s richest man has axed staff, with plans to reduce the 7,500-member workforce by 50%, has changed user verification to a subscription-based service, and is reportedly considering several moves that would represent a widespread overhaul of the service if carried out. For anything related to Twitter, it’s recommended to approach with caution until the service stabilises.

What You Should Do

As this data can be potentially used for targeted phishing attacks to gain access to login credentials, it is essential to scrutinize any email that claims to come from Twitter.

If you receive an email claiming your account was suspended, that there are login issues, or that you are about to lose your verified status, and it prompts you to log in on a non-Twitter domain, ignore the email and delete it, as it is likely a phishing attempt.
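The domain check described above, as an added example in Python (it is not part of the original advisory): every link in a suspicious email is parsed and its host compared against twitter.com and its subdomains, so that lookalike hosts such as a "twitter.com" prefix on another domain, or a "twitter.com@" user-info prefix, are reported as suspicious. The trusted-domain list and the sample email text are constructed assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: only twitter.com and its subdomains
# (e.g. help.twitter.com) are legitimate places to enter Twitter credentials.
TRUSTED_DOMAINS = ("twitter.com",)

# Constructed sample of a phishing-style email body (not a real message).
SAMPLE_EMAIL = """Your Twitter account has been suspended.
Verify now: https://twitter.com.account-verify.example/login
Or sign in at https://twitter.com@login.example/
Official help: https://help.twitter.com/
"""

LINK_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_links(text):
    """Return every http(s) URL found in the message text."""
    return LINK_RE.findall(text)


def is_trusted_host(host):
    """True only if host is exactly a trusted domain or a subdomain of one.

    A plain substring test would accept 'twitter.com.evil.example', so the
    comparison is anchored on the end of the host name.
    """
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_link(url):
    """Classify one URL as 'trusted', 'suspicious' or 'malformed'.

    urlparse().hostname discards any user-info part before '@' and any port,
    so 'https://twitter.com@login.example/' is correctly seen as login.example.
    """
    parsed = urlparse(url)
    host = parsed.hostname
    if host is None:
        return host, "malformed"
    if parsed.scheme != "https" or not is_trusted_host(host):
        return host, "suspicious"
    return host, "trusted"


def classify_email_links(text):
    """Return (url, real_host, verdict) for every link in the email body."""
    results = []
    for url in extract_links(text):
        host, verdict = classify_link(url)
        results.append((url, host, verdict))
    return results


if __name__ == "__main__":
    for url, host, verdict in classify_email_links(SAMPLE_EMAIL):
        print(f"{verdict:10s} host={host!s:40s} {url}")
```

Run it as a script to see the three sample links classified; only the help.twitter.com link is reported as trusted. Any email whose login link is classified as suspicious should be treated as a phishing attempt and deleted, as the advisory recommends.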

Please also do the following:

  • Routinely change the account password, and ensure it’s strong (at least 10 characters long, upper and lower case letters, numbers & symbols).
  • Do not enter the credentials anywhere but the official Twitter login page (https://twitter.com/login).
  • Do not re-use the Twitter account password for any other online accounts.
  • Monitor “Apps and Sessions”. This can be accessed in the “Security and account access” setting. It shows all active sessions that are currently using the Twitter account, and you can force a log out of these sessions if you suspect any unauthorised access.
  • Monitor “Account access history” for any unfamiliar or unauthorised access (Located in “Security and account access”).
  • Ensure there are no unknown or suspicious applications listed in the “Connected apps” setting (Located in “Security and account access”).
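The password rule in the first bullet above, as an added example in Python (not part of the original advisory): each requirement (at least 10 characters, upper and lower case letters, numbers and symbols) is a separate named check, and the function reports exactly which requirements a candidate password fails rather than a bare yes/no. The sample passwords are constructed.

```python
import re

MIN_LENGTH = 10  # minimum length stated in the advisory

# Each rule maps a name to a predicate; a password must satisfy all of them.
RULES = {
    "length": lambda p: len(p) >= MIN_LENGTH,
    "lowercase": lambda p: re.search(r"[a-z]", p) is not None,
    "uppercase": lambda p: re.search(r"[A-Z]", p) is not None,
    "digit": lambda p: re.search(r"[0-9]", p) is not None,
    # Anything that is not a letter, digit or whitespace counts as a symbol.
    "symbol": lambda p: re.search(r"[^A-Za-z0-9\s]", p) is not None,
}


def failed_rules(password):
    """Return the names of the policy rules the password does not meet."""
    return [name for name, check in RULES.items() if not check(password)]


def meets_policy(password):
    """True if the password satisfies every rule in the advisory."""
    return not failed_rules(password)


def is_reused(password, other_passwords):
    """True if the same password is also used for any other account.

    The advisory says the Twitter password must not be reused elsewhere;
    other_passwords is any iterable of the user's other account passwords.
    """
    return password in set(other_passwords)


if __name__ == "__main__":
    # Constructed examples, not real credentials.
    for candidate in ("password", "Twitter2022", "Tr0ub4dor&3x"):
        missing = failed_rules(candidate)
        print(f"{candidate!r}: {'OK' if not missing else 'fails ' + ', '.join(missing)}")
```

In practice the policy check runs at the time a password is set; the reuse check is only meaningful if you can compare against the passwords used for your other accounts, which a password manager does for you.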

If you have any questions or concerns regarding the incident, please feel free to contact our IT Support team on +61 (2) 67735000 or at servicedesk@une.edu.au

Sources:

Security Week

Bleeping Computer

The Guardian