Twitter Data Breach From Former Gartner Cybersecurity Analyst
“The linking of a private email address and phone number associated with a Twitter account has the potential to add an extra dimension to this data breach.
“From what we know so far, it seems likely that an additional attack could be or could already have been launched on high profile users with MFA enabled. We’ve seen what can happen when accounts are compromised on Twitter – usually some kind of cryptocurrency scam efforts – and while there’s been no evidence of such an attack recently, users should be vigilant for unexpected login attempts or unsolicited messages and calls.
“Outside of Twitter, there’s the potential for attackers using the phone number to spoof MFA requests from other services (such as those linked to an @icloud or @gmail account)
“Also, while bug bounties are great for finding vulnerabilities, it is still down to the company to ensure they have sufficiently closed the gap as well as the ability to hunt through historic activity to find evidence of exploration, otherwise they risk being publicly embarrassed just like Twitter over the last few days. Whatever the case, this incident is not a good look for Twitter after a tumultuous few months.”
Gloss