400 Million Twitter Users’ Data Is For Sale On The Illicit Market
Key Points:
- Private emails and connected phone numbers from the accounts of 400 million Twitter users were for sale on the illicit market.
- Hudson Rock stated that while it has not been possible to validate the hacker’s claims fully, “independent verification of the data itself appears to be real.”
- Given that there are about 450 million active monthly users, some have noted that such a massive breach is difficult to fathom.
According to reports, private emails and connected phone numbers from the accounts of 400 million Twitter users were for sale on the illicit market.
On December 24, the cybercrime intelligence company Hudson Rock flagged an alleged “credible threat” involving the sale of a private database holding the contact information of 400 million Twitter user accounts.
“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more,” Hudson Rock stated.
“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.”
Given the number of accounts, Hudson Rock stated that while it has not been possible to validate the hacker’s claims fully, “independent verification of the data itself appears to be real.”
DeFiYield, a Web3 security company, examined the 1,000 accounts provided by the hacker as a sample and confirmed that the information was “genuine.” It also communicated with the hacker via Telegram, noting that the hacker was eagerly awaiting a buyer there.
If confirmed, the breach might pose a severe risk to cryptocurrency Twitter users, especially those who use aliases.
Given that there are about 450 million active monthly users, some have noted that such a massive breach is difficult to fathom.
As of this writing, the alleged hacker still has a post on Breached offering the database to purchasers. The post includes a specific call for Elon Musk to pay $276 million to prevent the sale of the data and avoid a fine under the General Data Protection Regulation (GDPR).
The hacker claims that, if Musk pays the ransom, they will destroy the data and not sell it to anyone else, “to save many politicians and celebrities from Phishing, Crypto frauds, Sim swapping, Doxxing and other things.”
The “Zero-Day Hack” on Twitter, which involved the exploitation of an application programming interface vulnerability from June 2021 before it was patched in January of this year, is thought to be the source of the compromised data in question.
Hackers could create databases they later sold on the dark web.
In addition to this alleged database, two others have been discovered, one estimated to hold 5.5 million users and the other possibly as many as 17 million, according to a report from Bleeping Computer on November 27.
Risks associated with having such information released online include targeted phishing attempts via text and email, SIM swap attacks to take over accounts, and the doxxing of private information.
Users are advised to adopt security measures, including updating their passwords and storing them securely, using a private, self-hosted crypto wallet, and making sure two-factor authentication is enabled on their accounts via an app rather than their phone number.
Annie
Coincu News