#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Twitter Security | Breaking Cybersecurity News | The Hacker News

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users

Feb 04, 2020
Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved in their contacts with twitter accounts. To be noted, the feature worked precisely as intended, except someone was not supposed to upload millions of randomly generated phone numbers and abuse Twitter to reveal profiles associated with the contact information users added to Twitter for enabling security features. Though the company is not sure if the bug was exploited by only a single adversary or multiple groups, it has identified several accounts engaged in the attack located in a wide range of countries, primarily from Iran, Israel, and Malaysia. Based on their IP addresses, Twitt
Two Former Twitter Employees Caught Spying On Users For Saudi Arabia

Two Former Twitter Employees Caught Spying On Users For Saudi Arabia

Nov 07, 2019
Two former employees of Twitter have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government, likely with the purpose of unmasking the identity of dissidents. According to an indictment filed on November 5 and unsealed just yesterday, one of the charged Twitter employees, American citizen Ahmad Abouammo , left the company in May 2015 and the other, Saudi citizen Ali Alzabarah , left the company in December 2015. Both ex-employees were recruited in 2014 by Saudi government officials with close ties to the Saudi crown prince, Mohammed bin Salman, to access sensitive and non-public information of Twitter accounts associated with known Saudi critics. The information Abouammo and Alzabarah illegally accessed about Twitter users include their email addresses, devices used, browser information, user-provided biographical information, birthdates, and other info that can be used to know a user's location, like IP addresses associate
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
A Twitter Bug Left Android Users' Private Tweets Exposed For 4 Years

A Twitter Bug Left Android Users' Private Tweets Exposed For 4 Years

Jan 18, 2019
Twitter just admitted that the social network accidentally revealed some Android users' protected tweets to the public for more than 4 years — a kind of privacy blunder that you'd typically expect from Facebook . When you sign up for Twitter, all your Tweets are public by default, allowing anyone to view and interact with your Tweets. Fortunately, Twitter also gives you control of your information, allowing you to choose if you want to keep your Tweets protected. Enabling "Protect your Tweets" setting makes your tweets private, and you'll receive a request whenever new people want to follow you, which you can approve or deny. It's just similar to private Facebook updates that limit your information to your friends only. In a post on its Help Center on Thursday, Twitter disclosed a privacy bug dating back to November 3, 2014, potentially caused the Twitter for Android app to disable the "Protect your Tweets" setting for users without their k
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
How To Check If Your Twitter Account Has Been Hacked

How To Check If Your Twitter Account Has Been Hacked

Sep 13, 2018
Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter has recently rolled out a new security feature for its users, dubbed Apps and Sessions, allowing you to know which apps and devices are accessing your Twitter account, along with the location of those devices. In order to find out current and all past logged in devices and locations where your Twitter account was accessed for the last couple months, follow these steps: Check Twitter Login Sessions On Smartphone: Open the Twitter app, and head on to your profile Tap on 'Settings and privacy' section Inside the section, select 'Account' Once inside the option, tap on 'Apps and sessions' Check Twitter Login Sessions On Desktop Or Laptop: The p
Twitter is Testing End-to-End Encrypted Direct Messages

Twitter is Testing End-to-End Encrypted Direct Messages

May 08, 2018
Twitter has been adopting new trends at a snail's pace. But it's better to be late than never. Since 2013 people were speculating that Twitter will bring end-to-end encryption to its direct messages, and finally almost 5 years after the encryption era began, the company is now testing an end-to-end encrypted messaging on Twitter. Dubbed " Secret Conversation ," the feature has been spotted in the latest version of Android application package (APK) for Twitter by Jane Manchun Wong, a computer science student at the University of Massachusetts Dartmouth. End-to-end encryption allows users to send and receive messages in a way that no one, be it an FBI agent with a warrant, hacker or even the service itself, can intercept them. However, it seems like the Secret Conversation feature has currently been available only to a small number of users for testing. So, if you are one of those lucky ones, you will be able to send end-to-end encrypted Secret Conversation thro
Cybersecurity Resources