400 million Twitter users’ data have reportedly been up for sale on the black market
According to reports, private emails and connected phone numbers from the accounts of 400 million Twitter users were for sale on the illicit market.
400M Twitter users’ data is reportedly on sale in the black market
On December 24, the cybercrime intelligence company Hudson Rock raised the alleged “credible threat” of the sale of a private database holding the contact information of 400 million Twitter user accounts.
“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more,” Hudson Rock stated, before adding that: “In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.”
Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, it said that an “independent verification of the data itself appears to be legitimate.”
In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort @ElonMusk to buy the data or face GDPR lawsuits.
— Hudson Rock (@RockHudsonRock) December 24, 2022
DeFiYield, a Web3 security company, examined the 1,000 accounts provided by the hacker as a sample and confirmed that the information is “genuine.” Additionally, it communicated with the hacker via Telegram, noting that they are eagerly awaiting a purchase there.
If confirmed, the breach might pose a serious risk to cryptocurrency Twitter users, especially those who use aliases.
Given that there are apparently about 450 million active monthly users right now, some people have noted that such a massive breach is difficult to fathom.
The alleged hacker still has a post up on Breached offering the database to purchasers as of this writing. A particular call to action is included for Elon Musk to pay $276 million in order to prevent the sale of the data and a fine from the General Data Protection Regulation agency.
Musk must pay the ransom before the hacker will destroy the data and promise not to sell it to anyone else, they claim, “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things.”
The “Zero-Day Hack” on Twitter, which involved the exploitation of an application programming interface vulnerability from June 2021 before it was patched in January of this year, is thought to be the source of the compromised data in question. By effectively scraping sensitive information, hackers were able to create databases that they later sold on the dark web.
In addition to this alleged database, two others have also reportedly been discovered, one of which is estimated to have 5.5 million users, and the other, which may have as many as 17 million, according to a report from Bleeping Computer on November 27.
#4 – Sim Swap Attacks to take over your bank account, social media or email to steal your funds & confidential information
80% of the SIM Swap Attacks are successful with an average loss of $43,000
So what should you do?
— Haseeb Awan – efani.com (@haseeb) December 25, 2022
Targeted phishing attempts via text and email, sim switch attacks to access accounts, and the doxing of private information are risks associated with having such information released online.
People are recommended to adopt security measures include updating their passwords and storing them securely, utilizing a private, self-hosted crypto wallet, and ensuring sure two-factor authentication settings are enabled for their multiple accounts, via an app rather than their phone number.
- LastPass Hackers Have Started Sending Phishing Text Messages About Upgrading OKX
- Defrost Finance Was Hacked & The Exploit May Have Been A Rug Pull That Made Off With $12 Million