Security News
A group of hackers called OurMine hijacked some of Facebook's official Twitter and Instagram accounts over the weekend through a third-party social media management service. The hackers briefly hijacked the Twitter accounts of Facebook and its Messenger application, and the Instagram accounts of Facebook and Facebook Messenger.
FACEBOOK HACKED. An otherwise slow Friday afternoon has been spiced up by a hacker crew that managed to temporarily take control of Facebook's official Twitter account. Exposed details included name, address, phone number, date of birth, Social Security number, and Medicaid ID number.
On Tuesday, Twitter rolled out its plans to handle deepfakes and other forms of disinformation. In a call with reporters on Tuesday, Twitter's head of site integrity, Yoel Roth, said that Twitter's focus under the new policy is "To look at the outcome, not how it was achieved." That's in stark contrast to Facebook, which sparked outrage when it announced its own deepfakes policy a month ago.
December's story of the researcher who tricked Twitter's Android app into matching random phone numbers to 17 million user accounts just took a turn for the worse. The flaw related to Twitter's contact upload feature, by which users upload their contact book to enable them to connect to other Twitter users whose email or phone number matches the data.
Twitter unveiled a plan Tuesday to curb the spread of manipulated content including "Deepfake" videos as part of a move to fight misinformation which could result in violence or other harm. Twitter vice president of trust and safety Del Harvey said the new policy addresses not only deepfakes but other kinds of manipulation, sometimes described as "Shallow fakes" or "Cheapfakes."
The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API function on its platform that, when used as intended, allows accounts to find Twitter users that they may already know by matching phone numbers to their Twitter account names. The bad actors were using this legitimate feature to uncover Twitter users - opening concerns that they could have potentially obtained the true identities of human rights activists or dissidents who go under pseudonyms on Twitter.
Twitter on Monday announced that it has suspended a large number of fake accounts that had exploited an API vulnerability to match usernames to phone numbers. The fake accounts were exploiting a feature meant to help users with newly created accounts find people they might already know on the online platform.
As first reported by Business Insider, last week, Kelly had to use his personal Twitter account to vent about having been shut out of the parody account, which he uses to poke fun at the school's social media presence, news and messages to students. Twitter determined the account violated their policy on account impersonation and turned access over to us.
A Twitter API that's intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to phone numbers and potentially de-anonymize certain users. "On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it's important that you are aware of what happened, and how we fixed it," Twitter shared on Monday.
A Twitter API could have enabled outsiders to match users' phone numbers to their corresponding accounts and potentially unmask anonymous users of the social media site. Still, many users who wanted better account security have likely given their phone numbers to Twitter.