Twitter breach of 400 million users

Regarding the recent breach where a threat actor claims to have obtained data of 400 million Twitter users and is offering it for sale, Dirk Schrader, VP of Security Research, Netwrix, offers the following advice:

A hacker is threatening to leak personal information of 400 million Twitter users, including several celebrities. No matter how the situation progresses, there are steps that should be taken by businesses as well as by those of us who have an account on Twitter.

Firstly, we need to take this threat seriously. Leaked data samples as well as additional information indicate the hacker’s claim is valid. The comparison between two data sets – the one originating from a previous Twitter leak and the ‘fresh’ one – proves that the current breach is different, containing previously unseen data. The danger for Twitter users is real and, at least for a portion, imminent.

What may happen?

Any combination of a valid email address and a verified phone number in the hands of cybercrooks opens up many possible threat vectors against users. Smishing attacks (phishing via SMS) making use of information gleaned from a user’s profile can be one of them.

People tend to use the same passwords across different services. This is how attackers may gain access to other users’ more sensitive accounts with pre-saved credit card details in online shops or streaming services. Moreover, it is a common practice for people to use the same password for their personal and business accounts which means that the leaked information can be used as an entry point into the IT environment of the person’s employer.

As always, the biggest danger is the correlation of information extracted from this breach with other leaked data, enriching the possibilities and options for targeted attacks. Any additional large data trove will help Initial Access Brokers enhance the accuracy of data aggregation and find lucrative targets. This increases the threat of supply chain attacks.

What should IT teams do to prevent possible damage?

First and foremost, organizations should inform their employees of this possible threat and encourage people to change their business passwords. If there is a password management solution implemented, it is even easier: the changes can be made for all users automatically.

Multi-factor authentication (MFA) will not let the attacker into the system even with the right password, but not all systems are protected with MFA. Keeping in mind the possibility of infiltration, it is best to transfer any identified privileged account into a zero-standing privilege setup.

What can Twitter users do to protect themselves?

Change the password that you use for Twitter in all your other accounts, turn on MFA where possible and start using a password manager to easily face all the upcoming data breaches that are likely to happen.
