Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen Coje_He for the clue delivery! CTOnews.com, November 29 (Xinhua) in July this year, cybercriminals took advantage of a Twitter API vulnerability disclosed in December 2021 to start selling data of more than 5.4 million Twitter users on a hacker forum. Recently, a hacker posted this information for free.

The image source PexelsCTOnews.com learned that according to a blog post by Twitter in August, the vulnerability allowed hackers to submit an email address or phone number to API to determine which account they were associated with. Although Twitter fixed the vulnerability in January, it still exposed the private phone numbers and email addresses of millions of users.

Salt Security reports that in the past 12 months, 95 percent of organizations have experienced security problems in API, and 20 percent have suffered data breaches due to security vulnerabilities in API. This high rate of utilization is in line with Gartner's prediction that API attacks will become the most frequent attack vector this year.

API vulnerabilities provide access to unprecedented amounts of data, and Avivi points out that these vulnerabilities provide direct access to underlying data.

The most important threat from this loophole is social engineering. Cyber criminals may use the names and addresses obtained from this vulnerability to target users for email phishing, voice phishing and phishing frauds in an attempt to induce users to hand over their personal information and login credentials.

While these scams are targeted at end users, organizations and security teams can provide timely updates to ensure that users are aware of the threats they are most likely to face and how to deal with them. It is also a good idea for security teams to remind employees to activate two-factor authentication on their personal accounts to reduce the possibility of unauthorized login.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.