Data on 400 million Twitter users containing private emails and associated phone numbers has reportedly been put up for sale on the black market.
Cybercrime intelligence firm Hudson Rock highlighted a “credible threat” via Twitter on Dec. 24 in which someone is allegedly selling a private database containing the contact information of 400 million Twitter user accounts.
“The private database contains devastating amounts of information, including emails and phone numbers of high-profile users such as AOC, Kevin O’Leary, Vitalik Buterin and others,” Hudson Rock said before adding that:
“In the post, the threat actor claims that the data was obtained in early 2022 due to a vulnerability in Twitter, as well as an attempt to extort Elon Musk to buy the data or face lawsuits under the GDPR.”
Hudson Rock said that while it was unable to fully confirm the hacker’s claims given the number of accounts, it said “independent verification of the data itself is legitimate.”
LOCATION: Hudson Rock discovered that a credible threat actor was selling data on 400,000,000 Twitter users.
The private database contains devastating amounts of information, including the emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin and others (1/2). pic.twitter.com/vKU5LLKeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Web3 security firm DeFiield also looked at the 1,000 accounts the hacker provided as a sample and confirmed the data was “real.” He also reached out to the hackers via Telegram and noticed that they were active waiting for the customer there.
If found to be true, the breach could be a significant cause for concern for Crypto Twitter users, especially those operating under pseudonyms.
However, some users pointed out that such a large breach is hard to believe, given that the current number of active monthly users is said to be around 450 million.
At the time of writing, the alleged hacker still has the post up Pierced database advertising to customers. It also has a special call to action for Elon Musk will pay $276 million to avoid selling data and face a fine from the General Data Protection Agency.
If Musk pays the fee, the hacker says it will delete the data and not sell it to anyone else “to prevent many celebrities and politicians from phishing, crypto scams, SIM swapping, docking and other things.”
The breach in question is believed to have come from Twitter’s “Zero-Day Hack,” in which an API vulnerability dated June 2021. exploited before it was patched in January of this year. The flaw essentially allowed hackers to scrape private information, which they then compiled into databases to sell on the dark web.
Connected: Crypto Twitter baffled by SBF’s $250 million bailout and return to luxury
In addition to this alleged database, two others were previously identified, one consisting of around 5.5 million users and the other believed to contain as many as 17 million users, according to a November 27 report by Bleeping Computer.
The dangers of leaking such information online include targeted phishing attempts via text and email, SIM swapping attacks to gain access to accounts, and hacking of private information.
There are some serious concerns about this.
#1 – The identities of many pseudo accounts will be public, which poses a risk to them
#2 – With a phone number, it’s super easy to find someone’s address and bank details.
#3 – Multiple phishing attempts via mobile, physical or email
— Haseeb Awan – efani.com (@haseeb) December 25, 2022
People are advised to take precautions such as making sure two-factor authentication settings are turned on for their various accounts, via an app rather than a phone number, along with changing passwords and secure storage, and using private hosting. crypto wallet.