The data of 400 million Twitter users, including private emails and phone numbers, is to be offered for sale on the black market.
Cybercrime firm Hudson Rock tweeted on Dec. 24 that it was a “credible threat.” According to the tweet, a private database containing information on 400 million Twitter users is to be sold.
“The private database contains a wealth of information including email addresses and phone numbers of prominent users such as AOC, Kevin O’Leary, Vitalik Buterin and many more,” Hudson Rock said. .
“In the message, the seller claims that the data was collected in early 2022 through a vulnerability in Twitter and that Elon Musk is also believed to be blackmailed with the data. buy it or be sued for GDPR violations.”
Hudson Rock said the company was unable to confirm the hacker’s claims regarding the number of accounts, but “an independent verification of the data itself appears to confirm this”.
BREAKING: Hudson Rock discovered a credible threat actor was selling the data of 400,000,000 Twitter users.
The private database contains devastating amounts of information, including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin and more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Web3 security firm DeFiYield also reviewed 1,000 accounts sampled by the hacker and confirmed the data to be “real”. The company also contacted the hacker via Telegram, stating that the hacker Wait actively on a buyer.
If true, this stolen record could be a major concern for crypto Twitter users, especially those operating under a pseudonym.
However, some users have pointed out that it is hard to believe that the number of dates is as claimed. After all, there are currently around 450 million active users every month.
At the time of writing this article, the hacker’s offer is on the rise violated still accessible. Twitter owner Elon Musk is being asked to pay $276 million to stop selling this data. He would face penalties for violating the GDPR.
If Musk pays the fee, the hacker says he would delete the data and not sell it to anyone. Otherwise, many celebrities and politicians are threatened with “phishing, crypto-fraud, sim swapping, doxxing and the like”.
The stolen data is believed to be from the so-called “zero-day hack” on Twitter, in which a June 2021 API vulnerability exploited would have. This was closed with a patch in January of this year. Hackers could use this vulnerability to gain access to private information, which was then combined into databases and sold on the dark web.
Two other databases were previously offered, one consisting of 5.5 million user records and the other of 17 million user records, according to a Nov. 27 report from Bleeping Computer.
Leaking such information could lead to targeted SMS and email phishing attacks, sim-swapping attacks, and doxxing. Doxxing means revealing the true identity behind a pseudonym.
There are serious concerns about this.
#1 – The identities of many pseudo-accounts will be public, posing risks to them
#2 – With a phone number, it’s very easy to find anyone’s address and banking information.
#3 – Multiple Phishing Attempts via Mobile, Physical or Email
— Haseeb Awan – efani.com (@haseeb) December 25, 2022
People are advised to take precautions such as 2-factor authentication through an app instead of a phone number. They should also change their passwords and keep them safe and use a private, self-custodial crypto wallet.