Categories: Tech NewsTechCrunch+

Twitter’s data leak response is a lesson in how not to do cybersecurity

Twitter finally broke its silence over the first security incident of the Musk era: an alleged data breach that exposed the contact information of millions of users.

In late December, a poster on a popular cybercrime forum claimed to have scraped the email addresses and phone numbers of 400 million Twitter users by way of a zero-day security flaw in Twitter’s systems, previously blamed for exposing at least 5 million Twitter accounts before it was fixed in January 2022. The subsequent sale of another, smaller dataset containing the email addresses associated with more than 235 million Twitter accounts is said to be a cleaned-up version of the alleged dataset of 400 million Twitter users. Researchers warned that the email addresses, which included the details of politicians, journalists and public figures, could be used to dox pseudonymous accounts.

Twitter, or what’s left of the company, addressed the situation last week.

In an unattributed blog post, Twitter said it had conducted a “thorough investigation” and found “no evidence” that the data sold online was obtained by exploiting a vulnerability of Twitter’s systems. An absence of evidence, however, is not vindication, as it’s unclear if Twitter has the technical means, such as logs, to determine if any user data was exfiltrated. Rather, the company said that hackers had likely been circulating a collection of data pulled from past breaches and said the data did not correlate to any of the data obtained by way of exploiting the bug that was fixed in January 2022.

What Twitter is saying may very well be true, but it’s difficult to have confidence in the company’s statement. Twitter’s erratic response raises many of the same questions that regulators will want to know: Who was tasked with investigating this breach, and does Twitter have the resources to do a thorough job?

An important lesson in what not to do

Twitter’s data leak response is a lesson in how not to do cybersecurity by Carly Page originally published on TechCrunch

Recent Posts

Unlocking the Secrets of JSON.stringify(): More Than Meets the Eye

JSON (JavaScript Object Notation) is a lightweight data-interchange format widely used in web development. At…

2 months ago

How to Handle AJAX GET/POST Requests in WordPress

AJAX (Asynchronous JavaScript and XML) is a powerful technique used in modern web development that…

3 months ago

Page Speed Optimization: Post-Optimization Dos and Don’ts

Introduction After successfully optimizing your website for speed, it's essential to maintain and build upon…

3 months ago

Ultimate Guide to Securing WordPress Folders: Protect Your Site from Unauthorized Access

Securing your WordPress folders is crucial to safeguarding your website from unauthorized access and potential…

4 months ago

HTML CSS PHP File Upload With Circle Progress Bar

Creating a file upload feature with a circular progress bar involves multiple steps. You'll need…

5 months ago

Using WP Rocket with AWS CloudFront CDN

Integrating WP Rocket with AWS CloudFront CDN helps to optimize and deliver your website content…

5 months ago