CNET221 Group Project

Group Members:
Krishi Gandhi 301286200
Prakriti Shrestha 301275824
Sagar Shrestha 301320933
Project Proposal: Analysing the recent cyber security twitter breach.

Introduction:
The objective of this research is to examine and evaluate a recent Twitter cyber security
incident, as reported in the attached article. The hack exposed the email addresses of
approximately 220 million users, putting the affected people's privacy at serious danger. Our
research will concentrate on understanding the attack's characteristics, system, root causes,
effects, and possible measures against similar assaults in the future.

What was the attack??

Email addresses connected to Twitter user accounts were accessed and made public as part of
the attack on the social media platform. Cybercriminals were able to gain private user data
from Twitter as a result of this breach, and they may use that data for identity theft or other
illegal activities.

How did it happen??

Through the use of a Twitter Application Programming Interface (API) risk, the attack
allowed cybercriminals to validate their association with Twitter IDs by entering email
addresses or phone numbers. The attackers also searched the internet for publicly accessible
email addresses connected to Twitter accounts using web scraping software. These methods
were combined by the attackers to create a correlation between email addresses and Twitter
IDs, which led to the significant data breach.
Why did it happen??
A bug in Twitter's systems, particularly in its application programming interface (API), gave
rise to the attack and permitted unauthorised access to user data. Cybercriminals were able to
use this vulnerability as a point of entry to exploit and collect sensitive data. Furthermore, the
collection of email addresses associated with Twitter accounts was made easier by the
application of web scraping techniques. Given Twitter's huge population and the potential
worth of the stolen information on the black market, the attackers most likely chose to target
the platform.

What was the impact??

Around fifty percent of all those who use Twitter were impacted by the hack, which had a
huge impact. People's privacy is at stake since the compromised email addresses can be
exploited for fraud, identity theft, and phishing schemes, among other crimes against
humanity. Large following verified accounts are especially at risk of scams because hackers
take use of the trust these accounts build to carry out follow-up attacks, such pushing fake
cryptocurrency schemes.

How could the attack have been prevented?

Twitter should prioritise system security in order to prevent such attacks in the future. To do
this, it should routinely carry out thorough security audits and assessments in order to find
and fix vulnerabilities. Strong authentication procedures and access controls can also aid in
preventing unwanted access to private user information. Systems for threat detection and
continuous monitoring can also assist in quickly identifying and responding to questionable
activity. Moreover, teaching people on recommended practices for cyber security, like
avoiding clicking on suspicious websites or emails, might lessen the effect of possible
breaches.

Conclusion:
In summary, the Twitter cyber security incident highlights the significance of upholding
strong security protocols to shield user information from illegal access and misuse.
Organisations such as Twitter can enhance their cyber security position and protect user
privacy against emerging cyber threats by taking preventative steps to get insight into the
attack's nature, causes, and effects.

Reference:
https://www.itgovernance.co.uk/blog/criminal-hackers-leak-email-addresses-of-220-
million-twitter-users