400 Million Data On Twitter Users Bocor And Now Selled In Dark Market

Screenshot of Twitter's data sales on the black market. (photo: twitter @RockHudsonRock)

JAKARTA As many as 400 million Twitter user data containing personal emails and telephone numbers linked are reported to have been sold on the black market.

Cybercrime intelligence firm Hudson Rock highlighted a "credible threat" via Twitter on December 24, where someone allegedly sold a personal database containing contact information from a 400 million Twitter user account.

BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1

— Hudson Rock (@RockHudsonRock) December 24, 2022

Personal database contains a large amount of information including high-profile email and user phone numbers such as AOC, Kevin O'Leary, Vitalik Buterin & others, Hudson Rock said, quoted by Cointelegraph.

"In the post, this threat actor claims the data was obtained in early 2022 due to vulnerabilities on Twitter, as well as trying to extort Elon Musk from buying data or facing GDPR lawsuits," Rock said.

Hudson Rock said that while it has not been fully able to verify the hacker's claim, given the huge number of accounts, it thinks "verification is independent of the data itself seems legitimate."

There are some serious concerns with this. #1 - Identities of many pseudo accounts will be public, posing risks for them#2 - With a phone number, it's super easy to find anyone's address and banking information.#3 - Multiple phishing attempts via cellphone, physical, or email

— Haseeb Awan - efani.com (@haseeb) December 25, 2022

Web3 security firm DeFiYield also sees 1,000 accounts provided as samples by hackers and verifys that the data is 'original'. They also reach hackers via Telegram and note that they are actively waiting for buyers there.

If found this to be true, the breach could cause significant concern for Twitter Crypto users, especially those operating under pseudonyms.

However, some users highlight that such large-scale breaches are hard to believe, given the number of Twitter's monthly active users is currently reported to be only around 450 million.

Hackers who are suspected of still have posts in the Ad database that have been violated to buyers. It also has a special invitation to act on Elon Musk to pay USD 276 million (IDR 4.3 trillion) to avoid data sales and face fines from the General Data Protection Regulation agency.

If Musk paid the fee, hackers said they would delete the data and it would not be sold to others "to prevent many celebrities and politicians from Phishing, crypto scams, Sim exchanges, Doxxing, and other things."

The hacked data is known to come from "Zero-Day Hack" on Twitter, where app programming interface vulnerabilities from June 2021 were exploited before being patched in January this year. The bug basically allows hackers to erode personal information, which they then compile into databases for sale on the dark web.

According to a report from Bleeping Computer, on November 27, in addition to this supposed database, two other data have also been identified, one of which consists of about 5.5 million users and the other is estimated to contain 17 million users.

The dangers of leaking such information online include phishing attempts targeted by text and email, sim exchange attacks also to obtain personal information accounts and doxing.

Netizens are now advised to take precautions such as ensuring two-factor authentication settings are enabled for their various accounts, through apps and not their phone numbers, along with changing their passwords and saving them securely and also using crypto wallet private hosts.