Faculty and staff are advised to be aware of an increased likelihood of fraud attempts, following the disclosure of personal data from a breach at Twitter dating back to 2021.
In 2021 an attacker was able to to steal the personal data of over 200 million individuals by abusing a vulnerability in one of Twitter’s data interfaces. The attacker was then able to compile this data, containing email addresses alongside public Twitter profile information including names, usernames and follower counts to resolve them to a Twitter profile. This enabled profiles, that the owner thought might be anonymous, to be traced back to real individuals.
In early 2023, these records appeared on a popular hacking forum, as soon after were circulating in public. While this data was already nominally publicly available, the work by the attackers has potentially de-anonymised many ‘private’ accounts, and has provided rich pickings for less tech-savvy individuals with more mundane frauds involving identity theft or spear-phishing.