#cybersecurity | hacker | Twitter goes after Baby Peanut, API threat

Two organizations attempted to manipulate Twitter to their benefit over the last few months; one was potentially a nation-sponsored actor. The other was a peanut by comparison.

The more serious case was revealed by Twitter on February 3 when it reported it had shut down an attempt by a possible nation-state actor to exploit an API and match usernames to phone numbers.

The second involved an attempt by the social media operators behind Planter’s Peanuts to make the resurrection of Mr. Peanut, shown in a Super Bowl commercial with the birth of Baby Peanut, go viral.

In the first case, Twitter noticed the API manipulation on Dec. 24, 2019. At this time someone began using a large number of fake Twitter accounts to exploit a feature in the site’s API that enables users to be matched to phone numbers registered to specific accounts. This was created to help new users find acquaintances on Twitter by using their phone number.

By abusing this feature, the malicious actors could send out requests using phone numbers obtained in a legal or illegal manner and then grab the account names for any matches. Those without this setting enabled or who do not have a phone number associated with their account were not impacted.

“After our investigation, we immediately made a number of changes to this endpoint so that it could no longer return specific account names in response to queries. Additionally, we suspended any account we believe to have been exploiting this endpoint,” Twitter said.

investigation found the fake accounts being used were from a wide range of countries but observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia.
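An added example, not Twitter's code or part of the original article: a Python sketch of how a defender could flag the pattern described above, where many accounts behind one IP address submit many distinct phone numbers to a lookup endpoint. The log fields, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Lookup:
    src_ip: str    # source address of the request
    account: str   # account that called the phone-lookup endpoint
    phone: str     # phone number submitted for matching
    matched: bool  # True if the endpoint returned an account for it


def flag_enumeration(events, min_phones=100, min_accounts=5):
    """Flag IPs where several accounts together look up many distinct numbers.

    One user importing a large address book (many numbers, one account) and a
    shared office NAT (many accounts, few numbers) both stay below the bar;
    only the combination is reported. Thresholds are illustrative.
    """
    phones, accounts, matches = defaultdict(set), defaultdict(set), defaultdict(int)
    for e in events:
        phones[e.src_ip].add(e.phone)
        accounts[e.src_ip].add(e.account)
        matches[e.src_ip] += e.matched
    return {
        ip: {"phones": len(phones[ip]), "accounts": len(accounts[ip]),
             "matches": matches[ip]}
        for ip in phones
        if len(phones[ip]) >= min_phones and len(accounts[ip]) >= min_accounts
    }


def sample_events():
    """Constructed log lines (documentation IP ranges, made-up numbers)."""
    ev = []
    # One genuine user uploading a 150-entry address book.
    ev += [Lookup("192.0.2.10", "alice", f"+1555010{n:04d}", n % 3 == 0)
           for n in range(150)]
    # Office NAT: 8 accounts, 5 lookups each.
    ev += [Lookup("198.51.100.20", f"staff{a}", f"+1555020{a:02d}{n:02d}", True)
           for a in range(8) for n in range(5)]
    # 10 throwaway accounts behind one IP, 50 distinct numbers each.
    ev += [Lookup("203.0.113.7", f"acct{a}", f"+1555030{a:02d}{n:02d}", n % 4 == 0)
           for a in range(10) for n in range(50)]
    return ev


if __name__ == "__main__":
    for ip, stats in flag_enumeration(sample_events()).items():
        print(ip, stats)
```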

This could indicate the IP addresses have ties to state-level-sponsored actors. All were immediately

The API endpoint has been changed so it no longer returns specific names in response to this

More recently, Twitter suspended three accounts owned by Planters, a subsidiary of the Kraft Heinz Food Company, that began retweeting memes in conjunction with the commercial announcing the birth of Baby Peanut in an attempt to make the story go viral, reported Business Insider.

Because the retweeted memes were part of a coordinated promotional effort, they may have violated Twitter’s policy on this issue, which states “You may not use Twitter’s services in a manner intended to artificially amplify or suppress information or engage in behavior that manipulates or disrupts people’s experience on

Business Insider cited Kraft Heinz as saying, “As we prepared to launch Baby Nut, we knew our fans would want as much content as they could get. After consulting with Twitter, we launched three meme-sharing accounts (BabyNutBaby, @BabyNutMemes and @BabyNutLOL) in a fashion we believed was compliant with its terms of service.”

In the end, the company decided to not rub any salt in the wound and accepted the decision.
