Identity theft ramped up more than 40% in 2022, with some coining the term “scamdemic” to describe the wave of cybercrime.
While 2022 started off on a positive trend, with the estimated number of data compromise victims trending down for the sixth year in a row, the year ended with a Twitter identity breach that sent the number of victims sharply upward. In total, 42% more Americans were impacted by data breaches in 2022.
Twitter was the victim of the biggest breach of the year, with 221 million Twitter users reporting having some of their data accessed. Neopets, AT&T, Cash App, and Beetle Eye rounded out the top five.
A bug in a Twitter application programming interface (API) allowed attackers to submit contact information, such as an email address, and receive the associated Twitter account, if any, in return. Attackers exploited the flaw to “scrape” personal data from Twitter. While hackers couldn’t access passwords or other sensitive information, the breach exposed the connection between Twitter accounts, which are often pseudonymous, and their associated email addresses and phone numbers, which could potentially be used to identify the anonymous account holders.
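From the defender's side, scraping through a lookup endpoint like the one described above shows up in request logs as a single client submitting many different contact identifiers in a short time. The following sketch is an added example, not code from Twitter or from the original article; the log record layout, client names, window length and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding-window length
MAX_DISTINCT = 5      # assumed ceiling on distinct identifiers per client per window

# Constructed sample records: (unix_time, client_id, submitted_identifier, matched)
SAMPLE_LOG = (
    # One client walks through a list of addresses, two seconds apart.
    [(1000 + 2 * i, "client-scrape", f"user{i}@example.com", i % 3 == 0) for i in range(8)]
    # Another submits the same number of addresses, but spread over many minutes.
    + [(1000 + 100 * i, "client-slow", f"friend{i}@example.com", True) for i in range(8)]
    # A third keeps retrying a single address (for example, a flaky mobile app).
    + [(1000 + 5 * i, "client-retry", "me@example.com", True) for i in range(8)]
)


def find_enumerators(records, window=WINDOW_SECONDS, max_distinct=MAX_DISTINCT):
    """Return {client_id: peak distinct identifiers seen in any window}
    for every client that exceeded max_distinct within `window` seconds."""
    recent = defaultdict(deque)  # client -> (timestamp, identifier) pairs still in window
    peaks = {}
    for ts, client, identifier, _matched in sorted(records, key=lambda r: r[0]):
        q = recent[client]
        q.append((ts, identifier))
        # Drop lookups that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        # Count distinct identifiers, so retries of one address do not trigger.
        distinct = len({ident for _, ident in q})
        if distinct > max_distinct:
            peaks[client] = max(peaks.get(client, 0), distinct)
    return peaks


if __name__ == "__main__":
    for client, peak in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {peak} distinct identifiers within {WINDOW_SECONDS}s")
```

Counting distinct identifiers rather than raw requests keeps ordinary retries from raising alerts, while a slow, patient client stays under a short window and needs a longer one to surface.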
The email addresses tied to the 235 million Twitter accounts have been shared in a notable online underground hacking forum, according to a story published by the Washington Post. The leaked data also includes names and usernames, but does not appear to include passwords or other highly sensitive data.
Some reports calculated the number of compromised accounts as high as 400 million, but after removing duplicates, the final number appears close to 210 million. It includes data on a number of high-profile accounts, such as those of Alexandria Ocasio-Cortez, Donald Trump Jr., and Mark Cuban.
This latest incident follows a July 2022 breach in which a hacker under the alias “devil” posted on Breach Forums that they had obtained personal data on 5.4 million Twitter users, including email addresses and phone numbers. The hacker had apparently exploited a vulnerability to scrape this data from Twitter, and posted it for sale with an asking price north of $30,000.
Twitter users were encouraged to activate two-factor authentication for their accounts, if they had not already, and to change their password to a strong one not reused on other websites. The Twitter Help Center also encourages account holders to require an email address and phone number to request a password reset link or code, and to ensure that their computer software, including the browser, is up to date with the most recent upgrades and anti-virus software.
If you’re looking for identity theft protection for your employees, Enfortra offers solutions for various needs across industries, from credit monitoring to restoration and recovery.