Social media platform Twitter confirmed that a now-patched zero-day vulnerability, which could be used to link email addresses and phone numbers to users’ accounts, allowed attackers to gain access to the personal information of 5.4 million users.
The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID.
More technically, security researcher Zhirinovsky reported on HackerOne’s bug bounty platform that this vulnerability allows any party, without any authentication, to obtain the Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number or email address, even if the user has prohibited this action in the privacy settings.
Chapters
---------------
00:00 - Summary Of The Attack
01:03 - What Is A Zero-Day Attack?
01:27 - How Did The Attack Work?
03:02 - Scope Of The Threat
03:30 - Mitigation Steps
About Our Expert
----------------------------
Eva Georgieva
https://purplesec.us/cyber-security-e...
Resources
------------------
► Recent Data Breaches: https://purplesec.us/security-insight...
► PurpleSec’s Cyber Security Maturity Model: https://purplesec.us/learn/
► Build A Vulnerability Management Program: https://purplesec.us/learn/vulnerabil...
Sources
-------------
► https://nordpass.com/blog/what-is-zer...
► https://hackerone.com/zhirinovskiy?ty...
► https://hackerone.com/reports/1439026
► / an-issue-affecting-some-anonymous-accounts
► / two-factor-authentication
Related Videos
------------------------
► PACMAN M1 Chip Attack: • PACMAN M1 Chip Attack Explained | Security...
► Hertzbleed Attacking Intel & AMD CPUs: • Hertzbleed Attack Impacting Intel & AMD CP...
► Cleartrip's Massive Data Breach: • Cleartrip Suffers Massive Data Breach | Se...
► Maui Ransomware Attack: • Maui Ransomware Attacking Healthcare | Sec...
► Conti Ransomware Attack: • Conti Costa Rica Ransomware Attack Explain...
► Kaseya Ransomware Attack: • Kaseya Ransomware Attack Explained: What Y...
► Saudi Aramco $50 Million Data Breach: • Saudi Aramco $50 Million Data Breach Expla...
#Twitter #zeroday #cyberattack