Data Leak Impacts More than 200 Million Twitter Users
More than 200 million Twitter users’ email addresses have been leaked online.
According to Bloomberg, an anonymous user has published a massive database they claim contains basic information on more than 230 million Twitter users, such as email addresses and screen names. The database contains the names and email addresses of politicians, journalists and bankers, among others.
Jamie Boote is an associate software security consultant at Synopsys Software Integrity Group.
“This is a common example of how an unsecured API that developers design to ‘just work’ can remain unsecured because when it comes to security, what is out of sight is often out of mind,” he said. “Humans are terrible at securing what they can’t see. As always, malicious actors have your email address. To be safe, users should change their Twitter password and make sure it’s not reused for other sites. And from now on, it’s probably best to just delete any emails that look like they’re from Twitter to avoid phishing scams.”
Sammy Migues is a principal scientist, also with Synopsys.
“API security is the real story here,” he said. “As cloud-native app development explodes, so does the world of refactoring monolithic apps into hundreds and thousands of APIs and microservices. Certainly this effort is growing much faster than the skills and numbers of application architects who can craft working secure API and zero trust architectures. It’s also growing faster than the time there is available to do threat modeling and skilled security testing. In this case, the lapse in API security resulted in email addresses tied to Twitter accounts and it seems the marketplace has spoken on the value of that data — next to nothing.”