Data on 400 million Twitter users, including linked private emails and phone numbers, has apparently been put up for sale on the black market.
On December 24, cybercrime intelligence firm Hudson Rock flagged a “credible threat” on Twitter: someone is allegedly selling a private database containing contact information for 400 million Twitter user accounts.
“The private database contains devastating amounts of information, including emails and phone numbers of high-profile users like AOC, Kevin O’Leary, Vitalik Buterin & more,” Hudson Rock stated, before adding that:
“In the post, the threat actor claims that the data was obtained in early 2022 due to a vulnerability in Twitter, as well as trying to extort Elon Musk to buy the data or face GDPR lawsuits.”
Hudson Rock said that while it hasn’t been able to fully verify the hacker’s claims given the number of accounts, an “independent verification of the data itself appears to be legitimate”.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Web3 security firm DeFiYield also took a look at 1,000 accounts sampled by the hacker and verified that the data is “real.” It also contacted the hacker via Telegram and noted that he is actively waiting for a buyer there.
If true, the leak could be a major concern for cryptocurrency users on Twitter, especially those operating under a pseudonym.
However, some users have highlighted that it is hard to believe that such a large-scale leak has occurred, given that the current number of monthly active users is around 450 million.
At the time of writing, the alleged hacker still has a post up on Breached in which he offers the database to buyers. He also makes a specific demand that Elon Musk pay $276 million to prevent the sale of the data and avoid facing a fine from the General Data Protection Regulation agency.
If Musk pays the fee, the hacker says he will wipe the data and it won’t be sold to anyone else, “to prevent a lot of celebrities and politicians from Phishing, crypto scams, Sim swapping, Doxxing and whatnot.”
The compromised data is believed to come from Twitter’s “Zero-Day Hack”, in which an API vulnerability from June 2021 was exploited before it was patched in January of this year. The flaw allowed hackers to extract private information that they then compiled into databases to sell on the dark web.
In addition to this alleged database, two others have been identified, one with some 5.5 million users and another believed to contain up to 17 million users, according to a November 27 report by Bleeping Computer.
The dangers of leaking this type of information online include targeted phishing attempts via text messages and email, SIM swap attacks to take over accounts, and doxing of private information.
There are some serious concerns with this.
#1 – Identities of many pseudo accounts will be public, posing risks for them
#2 – With a phone number, it’s super easy to find anyone’s address and banking information.
#3 – Multiple phishing attempts via cellphone, physical, or email
— Haseeb Awan – efani.com (@haseeb) December 25, 2022
People are being advised to take precautions, such as making sure two-factor authentication is turned on for their various accounts through an app and not their phone number, along with changing their passwords and storing them securely, and also using a private, self-hosted crypto wallet.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.