More privacy concerns hit Twitter

By PrivSec Report2018-12-19T12:06:00+00:00

No comments

User privacy on Twitter has returned to the headlines following two patches that the social media platform had to implement to address glitches in its security systems.

News broke earlier this week that an IT bug was being exploited by hackers, putting county codes of account phone numbers at risk. The nefarious activity had been traced to IP addresses in China and Saudi Arabia.

The reports came after similarly serious revelations regarding a glitch that enabled several applications to read account holders’ direct messages (DMs).

Twitter, like all other social media platforms, has come under intense pressure to issue safeguards for the ways in which it collects and handles private data. Scrutiny has only intensified by hiccups that fall short of data security standards as laid out by the General Data Protection Regulation (GDPR) which came into effect on May 25th 2018.

At the end of the summer, a problem came to light regarding technology that allowed software developers to read users DMs, while prior to this, news broke of another IT botch which caused account passwords to be stored in plain text.

Speaking to Threatpost, researcher Terence Eden, who reported one of Twitter’s IT glitches, said:

“GDPR means that companies are finally starting to take user privacy seriously. The complexity of social apps – and the large amount of legacy code / endpoints – means there are often unexpected ways that your personal data gets leaked.”

During investigations into the bug that exposed county codes of users’ phone numbers, Twitter engineers noticed suspicious activity regarding the customer support form API.

In a statement, Twitter said:

“Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”

Twitter has since said that the issue was resolved last month.

“Importantly, this issue did not expose full phone numbers or any other personal data. We have directly informed the people we identified as being affected. We are providing this broader notice as it is possible that other account holders we cannot identify were potentially impacted,” Twitter said.

Topics

No comments

Article
Banks poised for increased risk due to AI

2024-04-19T09:06:00Z

A leading banking regulator has issued a stern warning over the risks that financial institutions face as they move to integrate artificial intelligence (AI) and machine learning (ML) into governance operations.
News
Chicago Gears Up for GRC Connect: Sharpen Skills, Network, and Navigate the Future of GRC

2024-04-15T11:39:00Z By Jonathan Sumner, Chief Digital & Marketing Officer, GRC World Forums.

Get ready, Chicago! GRC Connect kicks off tomorrow, bringing together the brightest minds in governance, risk management, and compliance (GRC) for two days of insightful learning, valuable networking opportunities, and expert guidance on navigating the ever-evolving GRC landscape.
Article
New bill proposes US federal data privacy framework

2024-04-12T12:58:00Z

Senate Commerce Committee Chair Maria Cantwell and House Energy and Commerce Committee Chair Cathy McMorris Rodgers have unveiled the American Privacy Rights Act.