Lessons to Learn in Light of Twitter’s API Breaches


Back in December 2021, an API attack on Twitter took place. It left 5.4 million users with leaked data the following July. The data was put on sale via the black market and was once again put up for sale recently. This shows how disruptive these phishing attacks can be. Today we will discover what an API attack is and why you need to be aware of this advanced type of social engineering that could put your data at risk in the future.

What is an API?

API stands for application programming interface. An API allows one program to communicate with another in a standardized manner. APIs can be used to send money through a single shared application. They can also control a smart appliance in your home via an app. They work in this way:

  1. A command is sent to an application with your mobile device. 
  2. The application will then connect to the Internet and share the command and the data associated with it. 
  3. A server will then receive the data and interpret it to carry out the requested actions.
  4. The device receives the data and shows it to the user.

APIs are generally standardized, which means they should usually remain secure as they only send the needed information. However, a phishing attack like this terrible Twitter hack could result in vulnerabilities in the system.

The Twitter API Hack

When one of Twitter’s APIs was exploited, it allowed the hackers who carried out the attack to identify who owned individual Twitter accounts. The attackers used the API to submit phone numbers and email addresses, and the issue didn’t get fully resolved until January 2022. Millions of users were the victims of this attack, leaving their personal information out in the open and lowering trust in this popular social media site.
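The pattern described above, one client submitting many different phone numbers or email addresses to a lookup function, is visible in API access logs. The following is an added example, not code from Twitter or from the original article; the log layout, the `/account/lookup` endpoint name, and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: timestamp, client id, endpoint, submitted identifier.
# The endpoint name and log layout are hypothetical, not Twitter's.
SAMPLE_LOG = (
    # client-a retries the same e-mail address three times
    ["2024-01-01T10:00:05 client-a /account/lookup alice@example.com"] * 3
    # client-b submits eight different phone numbers in eight seconds
    + [f"2024-01-01T10:00:{i:02d} client-b /account/lookup +1555010{i:04d}"
       for i in range(8)]
    # client-c submits six different addresses, two minutes apart
    + [f"2024-01-01T10:{2 * i:02d}:00 client-c /account/lookup user{i}@example.com"
       for i in range(6)]
)


def find_enumerators(lines, endpoint="/account/lookup",
                     window=timedelta(minutes=1), max_distinct=5):
    """Map each client that sent more than max_distinct different identifiers
    to the endpoint inside one sliding window to its peak distinct count."""
    events = defaultdict(list)
    for line in lines:
        ts, client, ep, identifier = line.split()
        if ep == endpoint:
            events[client].append((datetime.fromisoformat(ts), identifier))

    flagged = {}
    for client, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # identifier -> hits inside the window
        start = peak = 0
        for ts, identifier in evs:
            in_window[identifier] += 1
            while ts - evs[start][0] > window:  # drop events older than window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct:
            flagged[client] = peak
    return flagged


if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Counting distinct identifiers rather than raw requests keeps a user who retries the same lookup from being flagged, while a slow client such as client-c only shows up when the window is widened.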

How Serious Are API Attacks?

While you might not think you need to worry about API attacks if you run a smaller website or system, they are something that everyone should be taking seriously. Twitter is not the only company to become a victim of data theft, as so many businesses use API functionality. APIs are trusted by the systems they connect to, so a successful API attack can give hackers full access to your company’s data. That data can then be used for further social engineering attacks, causing havoc and disruption for your business and clients.

How Can You Prevent an API Attack?

The first step to preventing an API attack is to educate your team about them as much as you can. You should minimize access to sensitive accounts, protecting your passwords and account access with password management tools and two-factor authentication where possible. Try to teach your team about phishing attacks and the complex methods that scammers now use, so they can recognize the signs of these in the future.

Let Us Help You

Our team is here to help support you and reduce the chance of API attacks in the future. Contact us today to discover your options or to discuss any questions you have on this topic.


Watch Out for Cyber Attacks this Holiday Season


Cyber security is something we all need to worry about, but the holiday season may make us more vulnerable to certain kinds of cyber attacks, most of which revolve around holiday shopping.

Here are some of the scams that tend to show up this time of year:

E-Skimming

E-skimming targets companies’ online stores. The attackers tend to go for medium-sized companies that have a good number of customers but don’t have the cybersecurity resources of, say, Amazon. They insert malicious code into the shopping cart that harvests personal information when you buy something. While there is only so much you can do, using a strong password or passphrase is helpful.

Public Wi-Fi Problems

If you shop in the store, you might think you are safe from cyberattacks. However, with more and more people hooking up a device to the internet during their shopping trip, whether while taking a break or to compare prices on an item, scammers have a window. Malls and stores offer free Wi-Fi, and this can be compromised. Public Wi-Fi can be vulnerable to hackers, and rogue operators may also set up fake Wi-Fi networks, tricking you into connecting to them instead. Avoid connecting to public Wi-Fi, and if you must, be very careful what you do on it. Never do financial transactions over public Wi-Fi, and if you use it regularly, consider getting a VPN.

Scammy Social Media Promotions

We’re all looking for deals this time of year, and promotions show up all over social media. They might offer free gift card codes, free giveaways, or massive discounts on items. In some cases, these promotions are designed to trick you into clicking through to an infected website. They might also be trying to get your personal information in exchange for a free item that is either extremely cheap or doesn’t even exist. If a promotion looks too good to be true, it is.

Phishing

Phishing spikes around the holiday season, particularly in certain areas. The following are particularly common:

  • Promotions or giveaways that are too good to be true, like the social media promotions above.
  • Fake notices from your bank telling you a large purchase was made. As a note, if you are a victim of credit card fraud, your bank will call you, not email you, and if they do call, you should always hang up and call the number on the card rather than talking to the person who called you.
  • Phony invoices, shipping status alerts, receipts, or order cancellation notices for goods you never ordered or purchased. All of these come with malicious links that, if you click on them, will take you to the scammer’s site. Often these are attempts to harvest login credentials for major e-commerce sites. If you know you didn’t order the item, ignore the notice. If it’s a real shipping status alert for a gift, then you should be able to check with the person who sent it to you.

Cloned Websites

Website cloning is when the scammers reverse engineer a copy of a real website. It’s often extremely hard for even tech-savvy users to realize they are on a clone. E-commerce sites are common victims of website cloning. The scammers will buy a URL that is one character away from the original (typosquatting) and then buy Google ads so it shows up higher. Or they will hack the actual site and add redirects. (Be aware that this is also a common travel scam, usually victimizing hotels and people booking rooms.) If you do fall victim to a clone, disputing the charges with your credit card company will usually get you redress.
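A hostname that is "one character away" from a trusted one can be caught mechanically before a link is followed, for example in a mail filter or proxy. The following is an added example, not part of the original article; the allowlist domains are constructed, and comparing the whole hostname (minus a leading `www.`) rather than the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the organization actually uses.
KNOWN_GOOD = {"example-shop.com", "examplebank.com"}


def osa_distance(a, b):
    """Edit distance counting insertions, deletions, substitutions and
    swaps of two adjacent characters (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1,               # delete ca
                    cur[j - 1] + 1,            # insert cb
                    prev[j - 1] + (ca != cb))  # substitute
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)   # adjacent swap
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def check_url(url, known_good=KNOWN_GOOD, max_distance=1):
    """Classify a URL's host as an exact match, a lookalike of a known-good
    host, or unknown. Returns (verdict, known-good host or None)."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host in known_good:
        return ("match", host)
    for good in sorted(known_good):
        if 0 < osa_distance(host, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for u in ("https://www.example-shop.com/cart",
              "https://exampel-shop.com/cart",    # two letters swapped
              "https://examplebanc.com/login",    # one letter replaced
              "https://unrelated.org/"):
        print(u, check_url(u))
```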

The holiday season is a time when we’re all stressed and rushed, and scammers will take advantage of that. Be particularly careful. Don’t click on links in email, don’t get fooled by too-good-to-be-true promotions and make sure you’re on the site you think you are on.

For more cyber security advice, contact 4 Corner IT.