Key Ideas:
- On the black market, 400 million Twitter users' private emails and associated phone numbers were for sale.
- While it has not been feasible to fully verify the hacker's claims, according to Hudson Rock, "independent verification of the material itself appears to be legitimate."
- Considering that there are roughly 450 million active monthly users, several people have commented that it is difficult to imagine such a big breach.
According to rumors, 400 million Twitter users' private emails and associated phone numbers were available for purchase on the black market.
The purported "credible threat" of selling a private database including the contact information of 400 million Twitter user accounts was made by the cybercrime intelligence firm Hudson Rock on December 24.
"AOC, Kevin O'Leary, Vitalik Buterin, and other prominent users' emails and phone numbers are among the horrifying quantities of information on the secret database, according to Hudson Rock.
The threat actor attempts to coerce Elon Musk to buy the data or face GDPR lawsuits in the post, where they say the data was discovered in early 2022 due to a Twitter flaw."
It has not been feasible to fully verify the hacker's claims due to the large number of accounts, but according to Hudson Rock, "independent verification of the material itself appears to be true."
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
— Hudson Rock (@RockHudsonRock) December 24, 2022
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
DeFiYield, a Web3 security agency, corresponded with the hacker via Telegram, saying that they anxiously anticipated a purchase there, and checked the 1,000 accounts provided by the hacker as a sample and determined that the material was "real."
If true, the compromise could put Twitter users who use aliases and cryptocurrency at serious risk.
Considering that there are roughly 450 million active monthly users, several people have commented that it is difficult to imagine such a big breach.
As at the time of writing, the claimed hacker still has a post on Breached advertising the database to buyers. Elon Musk is specifically urged to pay $276 million to stop the sale of the data and avoid a General Data Protection Regulation agency penalties.
They claim that in order to "spare many politicians and celebrities from Phishing, Crypto scams, Sim swapping, Doxxing, and other things," Musk must pay the ransom before the hacker destroys the data and makes a guarantee not to sell it to anyone else.
The exposed data is believed to have originated from the Twitter "Zero-Day Hack," which involves the exploitation of an application programming interface flaw that existed between June 2021 and January of this year before it was patched.
Hackers Could Produce Data Bases to Sell on the Dark Web Later
According to a post from Bleeping Computer on November 27, there have also been reports of the discovery of two other databases, one of which is said to have 5.5 million users, and the other, which may have as many as 17 million.
The risks of releasing such information online include targeted phishing attempts via SMS and email, sim swap assaults to access accounts, and the doxing of private information.
400 M + Twitter accounts data is on sale, among which the most critical are username, mobile # & email. Hacker was able to provide a sample list of 1000 usernames, and I was able to verify many of them pic.twitter.com/qcrloExBUK
— Haseeb Awan - efani.com (@haseeb) December 25, 2022
It is advised that people take security precautions like as changing and securely saving their passwords, using a private, self-hosted cryptocurrency wallet, and making sure that two-factor authentication settings are setup for their numerous accounts using an app rather than their phone number.
