Twitter Biggest Scam: It has been revealed that the personal information of 400 million Twitter users, including their email addresses and phone numbers, is for sale on the dark web. On December 24th, a “credible threat” involving the sale of a private database, including contact information for 400 million Twitter user accounts, was brought to light via Twitter by cybercrime intelligence firm Hudson Rock.
The private database includes emails and phone numbers of high-profile individuals, including AOC, Kevin O’Leary, Vitalik Buterin, and more, Hudson Rock said, adding that the database also includes:
“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Muskto buy the data or face GDPR lawsuits.”
Given the number of accounts, Hudson Rock admits it cannot independently verify the hacker’s claims but adds that “the data itself looks real.” DeFiYield, a Web3 security firm, checked over a sample of 1,000 accounts provided by the hacker and confirmed that they include “actual” information.
A Telegram message to the hacker was also sent, mentioning that the hacker was actively seeking a buyer on the platform. If verified, the breach might be troubling for Crypto Twitter users, especially those who use pseudonyms.
Some users, however, have pointed out that, with 450 million claimed monthly active users, it’s impossible to assume such a massive breach occurred. As of this, the supposed hacker’s Breached advertisement for the database is still active.
Included is a demand that Elon Musk pays $276 million to the entity responsible for enforcing the General Data Protection Regulation or risk having his data auctioned and fined.
If Musk pays the ransom, the hacker promises to remove the information and not sell it to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto frauds, Sim swapping, Doxxing, and other things.”
400 M + Twitter accounts data is on sale, among which the most critical are username, mobile # & email. Hacker was able to provide a sample list of 1000 usernames, and I was able to verify many of them pic.twitter.com/qcrloExBUK
— Haseeb Awan – efani.com (@haseeb) December 25, 2022
The “Zero-Day Hack” on Twitter, in which an API flaw discovered in June 2021 was exploited until its patch was released in January of this year, is widely believed to be the source of the compromised data at issue here. The vulnerability allowed hackers to scrape sensitive information, which they assembled into databases and offered for sale on the deep web.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
According to a report from Bleeping Computer on November 27th, this is one of three purported databases; the others include 5.5 million and 17 million people, respectively. Targeted phishing via text and email, sim switch attacks to gain access to accounts, and doxing are all possible outcomes of a data leak of this nature.