The trouble continues to get worse for Twitter! Hackers are now spreading the personal data of 235 million social network accounts on the Internet. Something to wreak havoc in the coming weeks…
The bad news and scandals continue for Twitter! As reported by the site cyber news, hackers have put the information of 235 million Twitter users, or nearly 63 GB of data, on the Dark Web for the modest sum of $2. They contain surnames, first names, Twitter handles, telephone numbers and email addresses. A sample of 100,000 identifiers is available free of charge to verify the veracity of the database. Although the passwords are not included in the files, this disclosure is at serious risk of giving rise to phishing, doxxing (the publication of personal data in order to harm the person) or even brute force attacks in the next weeks. Moreover, some users have already had problems, like by English presenter Piers Morgan – a hacker hacked his account to post false information, racial slurs and other insulting messages against the Queen and Ed Sheeran, which caused him to lose a majority of his content and followers – and Scottish actor Graham Mctavish – again, racial slurs and derogatory remarks about Queen Elizabeth II were posted. Everything leads us to believe that the data put online is the same as that which was stolen in December 2022, once the duplicates and other redundant data have been removed, even if nothing is yet certain for the moment.
Twitter hack: Elon Musk is asked to take out the checkbook
A hacker answering to the pseudonym of Ryushi had claimed, at the end of December, to have seized the data of 400 million accounts – unheard of for the social network, which nevertheless faced a massive hack in August 2022 -, whose e-mails and telephone numbers of celebrities and big companies. If any doubt remained about the seller’s words, several details that cybersecurity experts had looked into suggested that, indeed, he would not lie. On a forum, the hacker had challenged the new CEO of Twitter to make him an offer and avoid legal trouble.
On the Dark Web, the hacker had provided a sample of 1,000 accounts so that a potential buyer could verify the authenticity of the stolen data, as reported Security Affairs. Among them were those of the American Democrat Alexandria Ocasio-Cortez, the CEO of Google, the businessman Sundar Pichai and several leading figures in the world of cryptocurrencies, such as Vitalik Buterin, one of the creators of the blockchain. Ethereum. It could however be noted that, if the database was indeed real, it must have had a good number of inactive accounts, because Twitter does not currently have 400 million monthly active users.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Before selling his database to the highest bidder, the hacker recommended to Elon Musk, as he was the new boss of Twitter, to buy it himself in order to protect the social network and avoid a large fine. Also, he wrote in his post: “Twitter or Elon Musk if you’re reading this you currently risk a GDPR fine of over 5.4 million breaches, so imagine a fine for a breach involving 400 million users. Your best bet to avoid paying 276 million of dollars in fines for violating the GDPR like Facebook did (because of 533 million users affected) is to buy this data exclusively”. Indeed, Elon Musk currently faces the risk of a fine for the data leak of 5.4 million accounts in August 2022 – and the consequences of which are more serious than expected. The Irish Data Protection Commission has also opened an investigation into Twitter on this subject, for breach of the General Data Protection Regulation (GDPR) in force in Europe since 2018. To negotiate the price, you had to contact the pirate by private message or on Telegram.
Twitter: the accounts of 400 million users hacked
Several cybersecurity experts had looked into the sample data provided by the hacker to verify its authenticity. This is particularly the case of the intelligence company Hudson Rock. A priori, there was no link with the attack last August because the sample did not show enough similarities with the data of the 5.4 million accounts. This new leak therefore seemed perfectly credible, even if Alon Gal, the co-founder and technical director of Hudson Rock did not confirm the figure of 400 million stolen accounts. This was also what DefiYield thought, a decentralized finance platform, which explained that it had “verified each of the 1,000 accounts given by the hacker”.
400 MILLION TWITTER ACCOUNTS DATA HAS LEAKED!!!
EVERY TWITTER ACCOUNT INCLUDES: email, phone number, and username!
WE GOT IN TOUCH WITH HACKER pic.twitter.com/zL2SdLrbYn
— DeFiYield Web 3 Security (@DefiyieldSec) December 25, 2022
The hacker explained that he had access to this data after finding various flaws in the code of the social network, in particular the one used to steal the data between 2021 and 2022. Alon Gal estimated that he probably relied on a breach of the API (Application Programming Interface) from Twitter, via the “Allow people who have your phone number to find you on Twitter” function. As a reminder, it was corrected by Twitter engineers in early 2022, but several hackers obviously had time to take advantage of it.