Cybersecurity and Social Media

We have all heard of and probably use Twitter. Everyone recognizes the corporate logo and symbol. While there have been other social media outlets, Twitter has stayed the course and continues to be a social media giant.

Breach

Recently, Twitter had an issue with a breach, aka “data security incident” in corporate speak. The problem was detected by Twitter on May 20, 2020.

Affected Users

This did not affect all of the users, which would have been a disaster and epic fail. This only affected the business users who paid for advertisements on the platform, using Twitter Ads and Analytics Manager.

Data

The data involved was not critical, however, should not have been leaked. This included the business user’s email address, billing address, phone numbers, and the last four digits of their credit card numbers. This could have been much worse for the clients if more of the information, including full credit card numbers, would have been included. What further limits the issue is the attacker would require access to the user’s browser to steal this information. This would have to occur one user at a time with the attacker physically sitting at each machine. With the full method to retrieve the data, this attack, while an issue, is practical in very limited circumstances. If retrieving the data was much easier on a grander scale and more confidential information was available, the story would be totally different.

How?

In this day and age of continued data loss, seemingly there would be a data leakage program in place to check systems, configurations, and just about everything else to ensure, as much as you can, that this does not happen. Unfortunately, there was an issue. If the business were to check their billing information on ads.twitter.com or analytics.twitter.com, which would not be that unusual, the data was stored in the browser’s cache. While this is not the end of the world for the affected parties, it should probably be treated as more of a teachable learning experience. The future employees know not to allow this, and this provides a real-life example of what can happen if you let this go.

Remediation

Clearly, this is a problem. Once Twitter detected the issue, they did resolve it. Twitter needed to update their headers to set to no-store and no-cache. This would in effect disable the data from being stored locally at the machine. One issue with this, other than the configuration allowed this, was the timing. This was detected by Twitter on May 20, 2020. This was not reported to the users for more than a month. While the data leakage issue was limited, as noted, this really should have not taken a month to resolve notify the affected parties.

Resources

Adhikari, R. (2020, June 24). Twitter apologizes for data security incident. Retrieved from https://www.technewsworld.com/story/86726.html

Admin1. (2020, June 26). Twitter suffered a major data breach-but this is why you’re probably safe. Retrieved from https://marijuanapy.com/twitter-suffered-a-major-data-breach-but-this-is-why-youre-probably-safe/

Financial Press. (2020, June 25). Twitter hack: Social media giant suffers ‘huge’ billing information data breach. Retrieved from https://financial-press.uk/2020/06/23/twitter-hack-social-media-giant-suffers-huge-billing-information-data-breach-world-news/

Ians. (2020, June 24). Twitter sorry for data breach involving business clients. Retrieved from https://kalingatv.com/technology/twitter-sorry-for-data-breach-involving-business-clients/

Jay, J. (2020, June 23). Twitter says business users’ data leaked in security fiasco. Retrieved from https://www.teiss.co.uk/twitter-says-business-users-data-leaked-in-security-fiasco/

McLoughlin, B. (2020, June 23). Twitter hack: Social media giant suffers ‘huge’ billing information data breach. Retrieved from https://www.express.co.uk/news/world/1299728/Twitter-data-breach-hack-latest-billing-information-twitter-business-update-twitter-search

McLoughlin, B., & Wilson, R. (2020, June 23). Twitter businesses’ billing information is hacked in data breach. Retrieved from https://www.examinerlive.co.uk/news/uk-world-news/twitter-businesses-billing-information-hacked-18471270

Riley, D. (2020, June 23). Twitter apologizes after exposing business customer information. Retrieved from https://siliconangle.com/2020/06/23/twitter-apologizes-exposing-business-customer-information/

Security Experts. (2020, June 24). Twitter suffers billing information data breach. Retrieved from https://www.informationsecuritybuzz.com/expert-comments/comment-twitter-suffers-billing-information-data-breach/

Sharma, A. (2020, June 24). Twitter discloses billing info leak after ‘data security incident’. Retrieved from https://news.knowledia.com/IN/en/articles/twitter-discloses-billing-info-leak-after-data-security-incident-1dc82af759dc4c7451ea428b26c622dc5f438e6e

Techradar.com (2020, June 26). Twitter suffered a major data breach-but this is why you’re probably safe. Retrieved from https://www.thetechstreetnow.com/tech/twitter-suffered-a-major-data-breach--but-this-is-why-youre-probably-safe/10326781581085137573/10326781581085137573/

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Check back soon

Once posts are published, you’ll see them here.

Cybersecurity and Linux SSH Servers

Cybersecurity and the Auto Industry

Cybersecurity and the Energy Sector

Cybersecurity and Costs

Cybersecurity and Electronic Health Records

Cybersecurity and IoMT

Cybersecurity and Obscurity

Cybersecurity and New Devices and Old Problems

Cybersecurity and the Diversity of Data

Cybersecurity and Compromises

No tags yet.

Cybersecurity and Social Media

Featured Posts

Recent Posts

Archive

Search By Tags

Follow Us