The data of 400 million Twitter accounts was hacked
Twitter is the victim of a new data leak. Due to a security breach, a hacker was able to siphon data from 400 million verified accounts. He put this information up for sale on a forum and persuaded Elon Musk to make an offer to him.
A hacker sold, on Breached, a hacker forum, a database containing the personal information of 400 million verified Twitter accounts. There are email addresses and phone numbers for each account. The anonymity of these Internet users is compromised.
Also read: Arcom is concerned about the massive layoffs that Elon Musk has ordered at the head of Twitter
Many celebrities are involved
In the announcement, the hacker, who calls himself Ryushi, recommended that Elon Musk, the new boss of Twitter, buy a database to protect members of the social network. According to him, an amicable agreement will allow the American platform to avoid the fine for Violation of GDPR (General Data Protection Regulation), which has been in force in Europe since 2018. To convince Elon Musk to take the checkbook, Ryushi reminded that this sensitive data could facilitate the deployment of scams or attacks by phishing.
The hacker involved in the leak clarified the data of many celebrities, including politicians or business leaders. To prove his claims, the hacker shared a sample of the stolen data. There is, for example, information on the Twitter account of the American Democrat Alexandria Ocasio-Cortez or the CEO of Google, Sundar Pichai. Some leading figures in the world of cryptocurrencies are also concerned. This is the case of Vitalik Buterinone of the creators of the Ethereum blockchain.
BREAKING: Hudson Rock discovers a credible threat actor is selling 400,000,000 Twitter users’ data.
The private database contains a wealth of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin and more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Hudson Rock’s computer security experts have authenticated hacked data. After independent verification, researchers believe the hacker is telling the truth. It looks like the data of 400 million Twitter users is being sold. This is also the opinion of DefiYield, a decentralized financial platform. It explains existence ” verified every one of the 1,000 accounts provided by the hacker”.
? 400 MILLION TWITTER ACCOUNTS DATA LEAKED!!! ?
⚡️ EVERY TWITTER ACCOUNT INCLUDES: email, phone number, and username!
? WE GOT THE HACKER ? pic.twitter.com/zL2SdLrbYn
— DeFiYield ?️ Web 3 Security (@DefiyieldSec) December 25, 2022
The seller did not mention prices in his ad. To negotiate the price, you must contact the pirate via private message or on Telegram. He specified that the database would be moved to high price to the highest bidderif Elon Musk doesn’t react.
“Twitter hasn’t reached out to me yet, I’m exclusively offering the data if they want it, but if I can’t sell to them, I’ll take other people’s offers”Ryushi explained to the forum.
A Twitter security breach
In the forum, Ryushi claims to have taken advantage a vulnerability in Twitter’s code. He claims he used the breach to steal data between 2021 and 2022. On Linkedin, Alon Gal, CEO of Hudson Rock, believes the hacker likely relied on an API breach (Application Programming Interface) from Twitter. Thanks to this tool, he was able to siphon data from any account that bypasses the security of the social network.
In the eyes of the expert, the operation is remembered the facebook hack in 2019. That year, an attacker obtained the data of 533 million users registered on the social network. The phone numbers of millions of French people have dramatically fallen into the hands of hackers. According to Facebook, a mysterious hacker hijacked the contact import function to exfiltrate data stored on its servers.
A Twitter hacker will do the same. For the record, the “Allow people with your phone number to find you on Twitter” function was the source of a data leak spotted a few months ago. Introduced through an update in June 2021, the flaw was patched by Twitter engineers in early 2022. Before the company could react, several hackers had clearly exploited the vulnerability.