At a glance.
- Twitter exploit may have compromised more than 5 million accounts.
- Cyberattack disrupts NHS 111.
- Twilio discloses data breach.
- Klaviyo discloses data breach.
- RCMP says it used spyware, but not Pegasus.
- Finland's parliament comes under cyberattack.
- Cyberattacks against a UK firm that's criticized Russia's war.
- Cisco discloses a security incident.
- Joint warning on Zeppelin ransomware.
- Blueprint to assist small and mid-sized businesses with ransomware released.

Twitter exploit may have compromised more than 5 million accounts.
Last Friday Twitter disclosed a cyberattack that compromised some users' personal information. "In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter's systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability." But it turned out that a threat actor had exploited the vulnerability to collect personal information before Twitter applied the patch, and was now offering the stolen data for sale. Twitter is in the process of notifying affected users. BleepingComputer reports that some 5.4 million accounts were scraped for personal data before the vulnerability was fixed.