Twitter hacked? 400 million user records offered for sale on the black market

The data of 400 million Twitter users, including private emails and phone numbers, is to be offered for sale on the black market.

Cybercrime firm Hudson Rock tweeted on Dec. 24 that it was a “credible threat.” According to the tweet, a private database containing information on 400 million Twitter users is to be sold.

“The private database contains a wealth of information including email addresses and phone numbers of prominent users such as AOC, Kevin O’Leary, Vitalik Buterin and many more,” Hudson Rock said. .

“In the message, the seller claims that the data was collected in early 2022 through a vulnerability in Twitter and that Elon Musk is also believed to be blackmailed with the data. buy it or be sued for GDPR violations.”

Hudson Rock said the company was unable to confirm the hacker’s claims regarding the number of accounts, but “an independent verification of the data itself appears to confirm this”.

Web3 security firm DeFiYield also reviewed 1,000 accounts sampled by the hacker and confirmed the data to be “real”. The company also contacted the hacker via Telegram, stating that the hacker Wait actively on a buyer.

If true, this stolen record could be a major concern for crypto Twitter users, especially those operating under a pseudonym.

However, some users have pointed out that it is hard to believe that the number of dates is as claimed. After all, there are currently around 450 million active users every month.

At the time of writing this article, the hacker’s offer is on the rise violated still accessible. Twitter owner Elon Musk is being asked to pay $276 million to stop selling this data. He would face penalties for violating the GDPR.

If Musk pays the fee, the hacker says he would delete the data and not sell it to anyone. Otherwise, many celebrities and politicians are threatened with “phishing, crypto-fraud, sim swapping, doxxing and the like”.

Hacker’s Offer: Violated

The stolen data is believed to be from the so-called “zero-day hack” on Twitter, in which a June 2021 API vulnerability exploited would have. This was closed with a patch in January of this year. Hackers could use this vulnerability to gain access to private information, which was then combined into databases and sold on the dark web.

Two other databases were previously offered, one consisting of 5.5 million user records and the other of 17 million user records, according to a Nov. 27 report from Bleeping Computer.

Leaking such information could lead to targeted SMS and email phishing attacks, sim-swapping attacks, and doxxing. Doxxing means revealing the true identity behind a pseudonym.

People are advised to take precautions such as 2-factor authentication through an app instead of a phone number. They should also change their passwords and keep them safe and use a private, self-custodial crypto wallet.

Leave a Comment