Twitter is once again the victim of a major hack. The personal data of several million users – including one million in France – is freely accessible on the Dark Web. What open the door to identity theft…
While the arrival of Elon Musk at the head of Twitter sows chaos on the Internet, the social network is at the heart of a new controversy following revelations on the massive leak of the personal data of several million users on the Dark Web which took place in January. As a reminder, the data of 5.4 million accounts, including e-mails, telephone numbers and account names, which can seriously harm the anonymity of some hidden users last a pseudonym, but also data verified status, location, description, number of followers, account creation date, number of friends, number of favorites, and even profile pictures. The problem is, there are a lot more than the company claimed, and they’ve been widely distributed across the web…
Twitter data leak: an underestimated extent
In January 2022, hackers had managed to steal the personal data of 5.4 million users thanks to a security breach introduced by an update in June 2021. They had taken advantage of the option “Allow people who have your phone number to find you on Twitter” – option which can of course be deactivated from the settings. The database was put up for sale this summer on a hacking forum, as recognized by the social network. According to him, only one entity had exploited this flaw. Finally, this is the official version. In reality, these data have been widely disseminated, and their number is much higher. Chad Loder, a world-renowned security expert, explained in a thread – before being banned and taking refuge on Mastodon – that he compared the initial database – those concerning 5.4 million accounts – with the one circulating currently on the Dark Web:“It’s NOT the same data. Completely different format, different accounts affected. Probably multiple players all exploiting the same vulnerabilities in 2021.”
Specialized media Bleeping Computer and 9toMac checked the facts and confirmed the findings of Chad Loder They got in touch with the hacker who currently shares the 5.4 million Twitter accounts on a forum. However, he claims not to be responsible for this new leak, which includes 1.4 million additional Twitter user profiles. That’s a total of nearly 7 million affected accounts, far more than the original data sold in August. Chad Loder explains that 1,377,132 French accounts have been listed. “The dataset includes verified accounts, celebrities, prominent politicians and government agencies,” he specifies. Hackers can use them to carry out personalized phishing campaigns to steal user credentials, such as an email or text message claiming that the account has been suspended, that there are problems logging in or that the user is on about to lose its certified status. It would seem that these revelations are not to Elon Musk’s taste since Chad Loder’s account has been suspended from his statements, as well as those of other cybersecurity researchers. Like what, freedom of expression on the blue bird has become variable geometry…