Data breaches continue to a major problem for all of us. Regardless of how well you protect the security of your personal information on your own computers and devices, you are only as safe as the places that hold your information with the weakest security. In just the last three weeks I have informed you about data breaches as T-Mobile, Neopets and Marriott affecting millions of people and now we have learned about a data breach at Twitter affecting 5.4 million Twitter users. Compromised information includes email addresses and phone numbers which although not as threatening to your well being as Social Security numbers, bank account information and credit card numbers still puts you in jeopardy of identity theft.
Interestingly, Twitter first became aware of the vulnerability exploited by the hacker in January when the flaw was brought to their attention by a white hat hacker who was paid a bounty for bringing this to the attention of Twitter which said that it fixed the problem a few days after becoming aware of it. Many companies and government agencies have bug bounty programs by which they invite white hat hackers to find vulnerabilities in their security and pay substantial bounties to those who bring them to the attention of the company or agency.
Unfortunately, in this case, Twitter didn’t fix it fast enough and the stolen personal information is being sold on the Dark Web, that part of the Internet where criminals buy and sell goods and services.
Hackers who have your cell phone number or email address may use that information to formulate phishing phone calls referred to as Vishing or spear phishing emails to lure you into clicking on malware infected links or provide personal information. Because whenever you receive an email, phone call or text message you can never be sure who is actually contacting you, you should never click on a link or provide personal information in response to such communications until you have absolutely confirmed that the communication is legitimate.
Your phone number also provide other problems. When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members and more. The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security. I wrote a Scam of the day for June 20, 2022 that goes into detail as to how to protect yourself in regard to the privacy of your cell phone number. Here is a link to that Scam of the day. https://scamicide.com/2022/06/19/scam-of-the-day-june-20-2022-why-you-should-keep-your-cell-phone-number-private/
If you are a Twitter user (or not) you should freeze your credit at each of the three major credit reporting bureaus.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, you can sign up using this link. https://scamicide.com/scam-of-the-day/