According to a hacker, 400 million Twitter accounts are affected by a massive Twitter data breach. With users flocking to rival Mastodon, a controversial new view count feature, and now the breach, Twitter's road is a rough one.
The exposed data is now for sale on the dark web. The hacker claims the information is confidential and contains the email addresses and phone numbers of famous people, government officials, businesses, and normal users.
The hacker shared a sample of the data on one of the hacker forums to demonstrate its authenticity. The Twitter data breach sample includes the following:
- Email addresses
- Profiles’ dates of creation
- Numbers of followers
- Phone numbers
The hacker released sample data from high-profile user accounts. The Twitter data breach sample includes information from the following sources:
- Alexandria Ocasio-Cortez
- CBS Media
- Donald Trump Jr.
- Doja Cat
- Charlie Puth
- Sundar Pichai
- Salman Khan
- NASA’s JWST account
- Ministry of Information and Broadcasting, India
- Shawn Mendes
- Social Media of WHO
If the data leak is genuine, it is damaging, although most of the traces will point to the social media team. The information was accessed through an API vulnerability that allowed the threat actor to query any email or phone number and receive a Twitter profile.
According to reports, the hacker behind the Twitter data breach is negotiating a purchase of the data with Twitter CEO Musk in an effort to sidestep potential GDPR-related legal action.
The hacker claims that they will destroy the data and not sell it to anyone else if Musk pays the ransom “to avoid a lot of celebrities and politicians from Phishing, Crypto frauds, Sim swapping, Doxxing, and other things.”
Targeted phishing attempts via text and email, SIM swap attacks to gain access to accounts, and doxxing are all possible outcomes of a data breach involving such information.
Users are urged to take measures such as using a private, self-hosted crypto wallet, changing their passwords frequently, storing them safely, and using two-factor authentication settings on all of their accounts.
After WhatsApp, LinkedIn, and Twitter itself were caught in data breaches earlier this year, this breach will be the bigger one. It’s a never-ending story with popular social media apps and their breaches.
An Israeli cyber intelligence agency called Hudson Rock reportedly discovered the sale first.