A hacker claims a large Twitter data breach has affected 400 million accounts. A Twitter user who claims to have obtained the contact information for 400 million users has posted a message urging Twitter CEO Elon Musk to contact law enforcement.
Following the recent breach, the problems plaguing Elon Musk’s company seem to have no end, including customers fleeing to the rival Mastodon and a controversial new view count feature. The seller, identified as Ryushi, is a frequent poster on sites focusing on security breaches. He claims the information was obtained by exploiting a flaw in Twitter’s system. People like Vitalik Buterin, Sundar Pichai, and Mark Cuban may have had their personal information stolen.
Twitter data breach: 400 million users affected, according to a hacker
In a massive data breach, more than 400 million Twitter accounts were compromised, and their contents are now up for sale on the dark web. The hacker claims the data is private and comprises the contact details of celebrities, public figures, corporations, and ordinary individuals. The message was apparently first found by the Israeli cyber intelligence agency Hudson Rock.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
The hacker posted a sample of the data to one of the hacker sites to prove its legitimacy. The Twitter data breach samples include the following:
- Email addresses
- Names
- Usernames
- Numbers of followers
- Profiles’ dates of creation
- Phone numbers
It is surprising that the hacker leaked information from prominent users’ accounts. Data belonging to the following accounts was compromised in the Twitter data breach:
- Alexandria Ocasio-Cortez
- SpaceX
- CBS Media
- Donald Trump Jr.
- Doja Cat
- Charlie Puth
- Sundar Pichai
- Salman Khan
- NASA’s JWST account
- NBA
- Ministry of Information and Broadcasting, India
- Shawn Mendes
- Social Media of WHO
The sample collection has a lot more information from prominent users. It would be devastating if the data leak were real, but most of the evidence would lead to the social media department. According to Alon Gal, co-founder and CTO of Hudson Rock, the threat actor may have exploited a flaw in the API to obtain the information by querying any email address or phone number and receiving a Twitter profile.
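Added example, not part of the original article and not Twitter's code: one way a defender could spot the lookup pattern Gal describes, a single API client resolving many different email addresses or phone numbers in a short time. The log format, client names, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_log():
    """Constructed sample lines: '<ISO timestamp> <api client> <hashed identifier>'."""
    base = datetime(2022, 1, 1, 12, 0, 0)
    lines = []
    # "bulk-1" resolves 30 different phone numbers in 30 seconds.
    for n in range(30):
        ts = (base + timedelta(seconds=n)).isoformat()
        lines.append(f"{ts} bulk-1 phone-{n:04d}")
    # "user-9" re-checks the same three email addresses once a minute.
    for n in range(6):
        ts = (base + timedelta(minutes=n)).isoformat()
        lines.append(f"{ts} user-9 email-{n % 3}")
    return sorted(lines)  # ISO timestamps sort chronologically


def flag_enumerating_clients(lines, window=timedelta(minutes=1), max_distinct=20):
    """Return {client: peak distinct identifiers per window} for clients over the limit.

    Expects lines in chronological order.
    """
    recent = defaultdict(deque)  # client -> (timestamp, identifier) pairs inside the window
    flagged = {}
    for line in lines:
        ts_text, client, identifier = line.split()
        ts = datetime.fromisoformat(ts_text)
        queue = recent[client]
        queue.append((ts, identifier))
        # Drop lookups that have aged out of the sliding window.
        while ts - queue[0][0] > window:
            queue.popleft()
        # Repeated lookups of the same contact count once; breadth is the signal.
        distinct = len({ident for _, ident in queue})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged


if __name__ == "__main__":
    for client, peak in flag_enumerating_clients(constructed_log()).items():
        print(f"{client}: {peak} distinct identifiers looked up within one minute")
```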
“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively.”
The hacker explains his motives in his post
The hacker responsible for the Twitter data breach suggests he is open to mediating the ‘Deal’:
“After that I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash.”
The hacker
As Alon Gal points out, Twitter has added a “readers context” note attributing the 400,000,000-user Twitter database to the August data leak that affected 5,400,000 people.
“This is easily disproved by comparing the samples in the new leak to the older 5.4m version which had already been leaked publicly. 250 out of 1000 are found. (the count would have been lower had it been a sample of non-verified accounts) I can’t share some sensitive information I have, but as time goes on I am more confident this is a 400,000,000 users leak, and as always, it will unfortunately leak to the hands of every hacker for free.”
As a result of Elon Musk’s sledgehammer attack on Twitter’s business and policies, he may be the target of a large data hack. The DPC is currently investigating the earlier security breach.
The Irish Data Protection Commission (DPC) announced an investigation into a previous Twitter data leak that affected over 5.4 million users the day before the claim of a data breach at the social media platform.
How did the alleged Twitter data breach happen?
The seller of the data from the Twitter breach, known only as Ryushi, claims the data was stolen by exploiting a security flaw. Hacker Sunny Nehra has claimed that additional information was taken through the same vulnerability used in the purported Twitter data theft.
It has been reported that the hacker is attempting to sell contact information for prominent Twitter users like Alphabet and Google CEO Sundar Pichai, Bollywood actor Salman Khan, the Indian Ministry of Information and Broadcasting, Elon Musk’s SpaceX, CBS Media, Donald Trump Jr., and American politician Alexandria Ocasio-Cortez.
2/ Twitter had accepted that the said API flaw was abused in the wild but it’s high time now that they also confirm how many exact users and who all were infected (alert all those users). We can’t wait for some or other new dumps related to the same flaw getting leaked with time.
— Sunny Nehra (@sunnynehrabro) December 26, 2022
It has been reported that the hacker responsible for the Twitter data breach is in talks with Twitter’s CEO, Elon Musk, about Musk acquiring the data in an effort to avoid legal action connected to the General Data Protection Regulation (GDPR).
To “prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing, and other things,” the hacker demands that Musk pay a ransom before he destroys the data and refrains from selling it to anyone else.
A data breach of this kind could lead to targeted phishing attempts via SMS and email, SIM-swap attacks to gain access to accounts, and doxxing.
As of this writing, the Twitter data breach post allegedly made by the hacker advertising the database for sale has not been removed.
Users are strongly advised to use a self-hosted crypto wallet, change passwords often and store them properly, and enable two-factor authentication (through an app rather than a phone number).