[Security Weekly] Twitter API Vulnerability Leads to Data Breach of 5.4 Million User Records


December 2022, Issue I


1. Twitter API vulnerability leads to data breach of 5.4 million user records

On November 24, over 5.4 million stolen user records were shared for free on the Breached hacker forum. The records contained public information, including Twitter IDs, names, usernames, locations, and verified status, as well as private information such as phone numbers and email addresses. This data breach can be linked back to an API vulnerability found in Twitter in December 2021, which was reported by HackerOne through Twitter’s bug bounty program and later fixed in January 2022.

The API vulnerability allowed hackers to identify a Twitter account if they had the user’s phone number or email address, and vice versa. Although it is unclear whether the HackerOne report was leaked, multiple threat actors managed to exploit the flaw to steal Twitter’s user data before it was patched.
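To show the lookup pattern described above from the defender's side, here is an added example (hypothetical code, not Twitter's): a lookup that returns the account for a given contact, beside a hardened version that answers identically for known and unknown contacts, routes the account name only to the contact channel itself, and budgets queries per client. The user directory, outbox and client IDs are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample directory of contact -> account handle (not real accounts).
USERS = {
    "alice@example.com": "alice_handle",
    "+15550000001": "bob_handle",
}

# Hypothetical out-of-band channel: messages that would be emailed or texted
# to the contact owner are collected here so the example runs offline.
OUTBOX = []


def vulnerable_lookup(contact: str) -> dict:
    """The flaw pattern: the response confirms that the contact belongs to an
    account and names it, so bulk queries turn a phone/email list into a user list."""
    handle = USERS.get(contact)
    if handle is None:
        return {"status": "not_found"}
    return {"status": "found", "handle": handle}


class HardenedLookup:
    """Mitigations: one uniform response whether or not the contact matches,
    the handle only ever travels to the contact's own channel, and each
    client identity gets a small query budget (a stand-in for real rate limiting)."""

    def __init__(self, budget: int = 5):
        self.budget = budget
        self.calls = defaultdict(int)

    def lookup(self, client_id: str, contact: str) -> dict:
        self.calls[client_id] += 1
        if self.calls[client_id] > self.budget:
            return {"status": "rate_limited"}
        handle = USERS.get(contact)
        if handle is not None:
            # Deliver the information to the owner of the contact, never to the requester.
            OUTBOX.append((contact, f"Your account is {handle}"))
        # Same body for a matched and an unmatched contact, so nothing is confirmed.
        return {"status": "accepted"}
```

Response bodies are made uniform here; a production endpoint would also need to keep response timing and error paths indistinguishable.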

The owner of Breached, Pompompurin, claimed responsibility for the latest data dump. However, security researcher Chad Loder made an unverified claim warning that the 5.4 million user records shared publicly were only the tip of the iceberg, and that tens of millions of additional user records were being traded privately.

Even though passwords and financial information were not involved, hackers could easily use the stolen information for social engineering attacks, making it crucial to stay alert to phishing emails that reference Twitter.

Web application and API vulnerabilities can be effectively contained by deploying a third-generation logic-based web application firewall (WAF) like WAPPLES.

Sources: SC Media, Forbes


2. Colombian healthcare disrupted by RansomHouse ransomware attack

Keralty, a major healthcare provider in Colombia operating an international network of 12 hospitals, suffered a ransomware attack launched by the RansomHouse ransomware gang, which disrupted the IT systems of its hospitals and of two of its subsidiaries, EPS Sanitas and Colsanitas.

The hospital network reported issues with its IT systems on November 27 and confirmed them to be a cyberattack on November 30. The attack caused major disruptions to the company’s operations and appointment scheduling services. Local news reported that patients seeking care had to wait in line for over 12 hours, with some emergency patients fainting.

A Twitter user identified the attacker as the RansomHouse ransomware gang and revealed a screenshot of the ransom note. Apart from causing service disruptions, the ransomware operator also claimed to have stolen 3 TB of data from the company.

Sources: Infosecurity, Bleeping Computer


3. Belgian police attacked by RagnarLocker ransomware, sensitive data leaked

The RagnarLocker ransomware gang launched an attack against the Belgian city of Zwijndrecht, but ended up hitting Zwijndrecht police. The attack resulted in a leak of highly sensitive data, which exposed thousands of crime investigation reports, fine records, licence plates, and traffic camera footage, containing personal data of victims, witnesses, perpetrators, suspects, and even photos of child abuse.

The ransomware operators gained access to all data records from 2006 to September 2022, making it one of the worst data breaches in Belgian history. Zwijndrecht police initially downplayed the incident by claiming that hackers only accessed a portion of its network that held administrative data, thus affecting staff members only. However, a large amount of sensitive data, which was not supposed to be kept on this network, was compromised in the attack. The police are currently informing all the impacted victims individually.

Although Zwijndrecht is a small municipality, the data breach still impacted thousands of people. Given that police networks contain some of the most sensitive information about citizens, all police stations must be strictly protected with the most up-to-date security measures.

Sources: Bleeping Computer, Tech Monitor


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+ 

Car, Energy, Factory, City Solutions: Penta IoT Security