In what is being called the biggest Twitter data breach, 400 million Twitter users’ data was put up for sale online. This news comes one day after the Irish Data Protection Commission announced that it was investigating a previous Twitter data breach that had affected more than 5.4 million people. The breach occurred in November.
The hacker posted a sample data file on one of the hacker forums to prove the authenticity of the data. The following data is included in the sample: name, email, username, number of followers, creation date, and, in certain cases, phone number.
Surprisingly, the hacker provided sample data from high-profile user accounts. The sample includes data for the following accounts:
- Mark Cuban
- Alexandria Ocasio-Cortez
- Scott Morrison
- SpaceX
- Linus Tech Tips
- CBS Media
- Vitalik Buterin
- Donald Trump Jr.
- Doja Cat
- Neil deGrasse Tyson
- Charlie Puth
- Sundar Pichai
- Salman Khan
- NASA’s JWST account
- China Daily
- NBA
- Shawn Mendes
- MIB India
- Social Media of WHO
Although most samples will be used to identify the social media team, some may prove false. However, the data leak, if true, could be extremely damaging. Alon Gal, co-founder and CTO at Hudson Rock, an Israeli cybercrime intelligence firm, said that the data was likely obtained through an API vulnerability. This allowed the threat actor to query any email or phone number and retrieve a Twitter account.
The hacker wrote, “Twitter and Elon Musk, if you’re reading this, you’re already at risk of a GDPR violation fine exceeding 5.4M breach. Imagine the 400M users breaching the source. Your best option to avoid paying USD 276 million in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively.”
He stated that he was open to a deal, to be done through a middleman, after which he would delete the thread and not sell this data again. He said the data would then not be sold to any other person, which would spare a lot of celebrities and politicians from phishing, crypto scams, SIM swapping, and doxxing, as well as other things that could make users lose trust in the company and stunt its current growth and hype. He also told Twitter to think of famous content creators and influencers being hacked on Twitter, saying that this would ruin its dream of a Twitter video-sharing platform for content creators.
Alon Gal states on LinkedIn that while other threat actors may not have verified the data, “The data is increasingly more likely to be valid and was probably obtained via an API vulnerability enabling threat actor to query any phone or email and retrieve a Twitter account, this is extremely similar to the Facebook 533M data that I originally reported in 2021, which resulted in a $275,000,000 penalty to Meta.”
After he has sledgehammered Twitter, a breach of this magnitude could explode in Musk’s face.