Zinc Blog

Zinc has been serving Texas for two decades, providing IT support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What Twitter’s API Breaches Mean for Cybersecurity Trends

Back in December of 2021, an API vulnerability impacting Twitter was disclosed. Just a few months later, in July, data from more than 5.4 million users—obtained through this vulnerability—was put up for sale, and more recently, another hacker shared the data online. Let’s take the opportunity to examine the concept of an API attack, and what can and should be done to stop such attacks.

To begin, let’s review what an API and an API attack really are.

An API—Application Programming Interface—Enables Communication Between Programs

An API is a bit of code that allows the applications we all rely on to connect to the Internet in a secure and standardized way. Sending a friend a payment through a money-sharing application? There’s an API involved. Adjusting a smart appliance through an app? Thanks, API!

The process works as follows:

  1. You send a command to an application on your mobile device.
  2. The application connects to the Internet to share the data contained in the command.
  3. A server receives the data, interprets it, and carries out the appropriate actions.
  4. Your mobile device receives the data back and presents it to you.

Today, APIs are largely standardized, which generally makes them more secure—your device and the server powering the online service are only communicating the absolutely necessary information between them.

Twitter’s API Vulnerability Removed this Separation

A flaw was present in one of Twitter’s APIs that ultimately allowed hackers to identify who owned Twitter accounts by submitting email addresses or mobile phone numbers to the API—and by the time the vulnerability was fixed in January of 2022, the damage was already done.
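The flaw described above is an enumeration oracle: the API's answer tells the caller which account owns a submitted email address or phone number. The sketch below is an added example, not Twitter's code and not part of the original post; the endpoint shape and the names `ACCOUNTS`, `lookup_vulnerable` and `HardenedLookup` are hypothetical, and it shows the weak handler beside one that answers identically for hit and miss and limits each caller's lookups.

```python
import time
from collections import defaultdict, deque

# Constructed sample data: contact identifier -> account handle.
ACCOUNTS = {"alice@example.com": "@alice", "+15550100": "@bob"}

def lookup_vulnerable(identifier):
    """Enumeration oracle: the response reveals which account owns the identifier."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": 404, "body": "no such account"}
    return {"status": 200, "body": handle}

class HardenedLookup:
    """Same request, but the reply is identical for hit and miss, and each
    caller gets a small budget of lookups per time window."""
    UNIFORM = {"status": 202, "body": "If an account matches, it will be notified."}
    THROTTLED = {"status": 429, "body": "Too many requests."}

    def __init__(self, max_requests=5, window_seconds=60, clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock                 # injectable so the limit can be tested
        self.history = defaultdict(deque)  # caller id -> request timestamps
        self.outbox = []                   # stand-in for out-of-band notification

    def lookup(self, caller, identifier):
        now = self.clock()
        seen = self.history[caller]
        while seen and now - seen[0] >= self.window:
            seen.popleft()                 # drop requests that left the window
        if len(seen) >= self.max_requests:
            return self.THROTTLED          # bulk submission is cut off here
        seen.append(now)
        handle = ACCOUNTS.get(identifier)
        if handle is not None:
            self.outbox.append(handle)     # the owner is told; the caller learns nothing
        return self.UNIFORM
```

The rate limit alone only slows enumeration; it is the uniform response that removes the link between an identifier and an account.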

API Attacks are a Big Deal

Twitter is far from the only example of an API attack. The vast majority of businesses encounter security problems as a result of these interfaces, and a sizable chunk of those suffer a data breach as a result. This is because APIs are inherently trusting of systems that try to connect to them, so if an attacker gets access to an API, they have an expressway right into that organization’s databases.

Once they have access to this data, an attacker can then use it as ammunition to improve their social engineering efforts.

How to Avoid the Impacts of API Attacks

The key to avoiding API attacks is to teach your team about them, largely by helping them to identify various scams like phishing before this kind of information is successfully exfiltrated from your business. In short, you need to make sure that they can identify phishing attacks, and that a variety of other security measures are in place, like two-factor authentication and sufficient password practices.

We’re Here to Help You Maintain Your Security

Reach out to Zinc at (713) 979-2090 to learn more about how we can help you protect your business’ operations.
