A vulnerability in Twitter's API in 2021 caused a data leak that exposed private user profile information of at least 5.4 million users. The information is now available for free via a dark web forum.
The now-public whistleblower allegations that Twitter may have active foreign spies on its payroll are sure to raise concerns about insider threats at companies everywhere. But focusing only on potential spies is a mistake.
A shocking whistleblower report from Peiter ‘Mudge’ Zatko, a well-known cybersecurity expert who served as Twitter's head of security from mid-2020 to early 2022, asserts that the company is "grossly negligent" in "several areas" of information security and privacy protections.
The problem stems from developers failing to remove the Twitter API keys they use for authentication from the app before they release it to the public. This creates the possibility of account hijacking.
The primary concern with Twitter’s zero-day security breach is that authoritarian governments might tie names to the anonymous accounts of activists, political opposition and journalists they are targeting.
Twitter has in recent years begun periodically requiring phone number checks for "account security." What users have not always been aware of is that these items have been added to Twitter's internal personalized advertising system.
As third-quarter reports roll out, the full effect of the Apple privacy changes to iOS is beginning to be measurable. The early report is that the ad revenue impact is very different for different companies.
Twitter will pay a GDPR fine of €450,000 (about $546,000) in the first EU cross-border enforcement action brought against a tech giant.
Business users' billing information was inadvertently stored in the browser's cache, making it possible for the exposed data to be accessed by users who share computers.