The latest reports indicate that the private contact information of shark tank host Kevin O’Leary, Ethereum co-founder Vitalik Buterin, and shark tank host Mark Cuban is among those allegedly for sale.
400 million Twitter users’ data having private emails and linked phone numbers have allegedly been up for sale on the black market.
Cybercrime intelligence firm Hudson Rock pointed to a “credible threat” through Twitter on December 24 in which somebody is believed to be selling a private database having the contact information of 400 million Twitter user accounts.
Hudson Rock stated:
“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more. In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.”
Hudson Rock stated that while it has not managed to fully verify the hacker’s claims considering the number of accounts, it insisted that an “independent verification of the data itself appears to be legitimate.”
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Web3 security company DeFiYield also had a review of 1,000 accounts provided as a sample by the hacker and validated that the data is ‘real’. It also reached out to the hacker through Telegram and noted that they are now actively waiting for a buyer there.
If it is true that the data is compromised, this breach might be a major cause for concern for crypto Twitter users, mainly those who operate under a pseudonym.
Nevertheless, some of the users have highlighted that such a huge-scale breach is hard to believe since the current amount of active monthly users on Twitter reportedly sits at about 450 million.
At the time of publication, the alleged hacker still has a post up on Breached advertising the database to any willing buyers. It also has a particular call to action for Elon Musk to pay $276 million to avoid having that data sold and face a fine from the General Data Protection Regulation agency.
If Musk decides to pay the fee, the hacker says they will delete that data and it will not get sold to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing, and other things.”
The breached data in question is believed to have come from the “Zero-Day Hack” on Twitter where an application programming interface vulnerability from Jun. 2021 was extensively exploited before it was repaired in January 2022. The bug mainly lets hackers scrape private information which they then easily compiled into databases to sell on the dark web.
Together with this supposed database, two others have previously been identified, with one comprising nearly 5.5 million users and another thought to have up to 17 million users, based on a Nov. 27 report from Bleeping Computer.
Buy Crypto NowThe dangers of having this kind of information leaked online include targeted phishing attempts through text and email, sim swap attacks to take over accounts, and the doxxing of private information.
There are some serious concerns with this.
#1 – Identities of many pseudo accounts will be public, posing risks for them
#2 – With a phone number, it's super easy to find anyone's address and banking information.
#3 – Multiple phishing attempts via cellphone, physical, or email— Haseeb Awan – efani.com (@haseeb) December 25, 2022
People are now advised to take precautions like ensuring two-factor authentication settings are turned on for different accounts, through an app and not their phone numbers, together with changing their passwords and storing them securely and using a private, self-hosted crypto wallet.
