- A hacker has put up 400 million Twitter users’ data for sale on the dark web, including phone numbers and email addresses.
- Furthermore, the hacker claimed access to top profiles such as the WHO, Vitalik Buterin, and Salman Khan.
- The hacker wants Elon Musk, CEO of Twitter, to pay $276 million to avoid losing the data.
- According to reports, the stolen data originated from Twitter’s “Zero-Day Hack,” which took place in June 2021.
According to emerging reports, a hacker has put up 400 million Twitter users’ data for sale on the dark web. As revealed, the data contain details such as phone numbers, usernames, creation dates, and emails of some top accounts on the microblogging app.
"There are some serious concerns with this.
#1 - Identities of many pseudo accounts will be public, posing risks for them
#2 - With a phone number, it's super easy to find anyone's address and banking information.
#3 - Multiple phishing attempts via cellphone, physical, or email"
— Haseeb Awan - efani.com (@haseeb) December 25, 2022
The hacker claimed to have details of top profiles on the platform. These include the official account of the World Health Organization, Vitalik Buterin, Donald Trump Jnr, Mark Cuban, Salman Khan, and Charlie Puth.
In a recent post, cybersecurity intelligence company Hudson Rock provided more details about the hacker’s claims.
"BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data. The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1"
— Hudson Rock (@RockHudsonRock) December 24, 2022
To back his claims, the exploiter posted data samples on groups belonging to hackers. Further, Alon Gal, CEO of Hudson Rock, has recently stated that the data shared by the hacker “is increasingly more likely to be valid.”
“The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email/phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta,” Alon Gal said.
The hacker calls on the CEO of Twitter, Elon Musk, to pay $276 million to keep the data from falling into the wrong hands.
In addition, the hacker urged the CEO to pay the ransom and avoid a fine under the General Data Protection Regulation (GDPR). The hacker also promised to delete the stolen data if Musk paid the ransom.
Data Exploit Resulting from “Zero-Day Hack”
Meanwhile, reports indicated that the hacker got the data due to some vulnerability on Twitter. The stolen data, according to reports, emanated from the “Zero-Day Hack” on Twitter.
In June 2021, hackers exploited an application programming interface (API) bug that let them extract the data from Twitter’s database. Twitter fixed the flaw early this year, before news of the Elon Musk takeover deal surfaced.
On the Flipside
- This is not the first time news about Twitter data breaches has surfaced in recent months. The Bleeping Computer website reported on Nov. 27 that two other databases, with 5.5 million and 17 million users, were also identified as exposing sensitive data.
Why You Should Care
- If the hacker's claims are valid, the lapses pose a major concern for the crypto community. Firstly, the details of project developers, figures, and traders who operate under pseudonyms are under threat.
- Followers of the affected contacts will become exposed to illicit content that might defraud them of their money. The affected users themselves are exposed to phishing, crypto scams, SIM swapping, and doxxing.
- Twitter might suffer immeasurable damages. Aside from a possible fine and lawsuit under the GDPR, users will lose trust in the confidentiality of Twitter, prompting them to seek alternatives.