Hackers Claim To Be Selling Twitter's Sensitive Data Stolen From 400 Million Users

As a hacker claims to have information on about 400 million Twitter users, Elon Musk, the newly appointed owner of Twitter, is facing more and more trouble.

400 million Twitter users' personal information is reportedly in the hands of hackers who have sold it on the black market.

High-profile Twitter users' linked private emails and phone numbers are apparently included in the data.

Getty Images

Cybercrime intelligence company Hudson Rock asserted on Saturday that it had found a "credible threat actor" who was selling the stolen Twitter data.

‘The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more,’ said Hudson Rock in a tweet.

BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.

The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022

‘In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits,’

Given the number of accounts, Hudson Rock acknowledged that it had not been possible to thoroughly validate the hacker's assertions, but said that "an independent verification of the data itself appears to be legitimate,"

2/ Yes, this is real.

We have checked each of 1,000 accounts given by the hacker as the SAMPLE.

We were able to verify the big % of these accounts' data is real: both emails and phone numbers. pic.twitter.com/Q3IsU2GhWh
— DeFiYield ?️ Web 3 Security (@DefiyieldSec) December 25, 2022

DeFiYield, a Web3 security company, also looked at the 1,000 accounts the hacker claimed to possess and confirmed that the information was "real."

Additionally, it used Telegram to communicate with the hacker and let him know they are actively looking for a buyer.

3/ We were able to get in touch with the hacker: we have addressed the question related to the data leak.

The person has been online, as they saw our messages.

Hacker is passionately waiting for the potential seller on TG.

Their contact info can be easily found in 1st tweet. pic.twitter.com/9BEvGG6u0F
— DeFiYield ?️ Web 3 Security (@DefiyieldSec) December 25, 2022

According to speculation, the compromised data originated from the 'Zero-Day Hack' of 2021, which gave hackers access to sensitive data they could subsequently combine into databases and sell on the dark web. This year's bug was patched in January.

‘We have seen data breaches like this before advertising personal information on websites for payments which have turned out to have been largely incorrect,’ said global cybersecurity advisor, Jake Moore.

‘Cybercriminals often hack a small fraction of data and then claim to have far more in their database in order to increase a ransom payment. However, a fraction of the leaked data has been confirmed and can have major consequences with their stolen sensitive information,’

Moore has warned people to be on the lookout for phishing emails and other potential attacks, which frequently emerge in the wake of breaches like these.

‘It is also vital to have two-factor authentication turned on for Twitter and other accounts such as digital wallets,’

Categories

More

Hackers Claim To Be Selling Twitter's Sensitive Data Stolen From 400 Million Users