The data of 400 million Twitter users is for sale on the black market

The data of 400 million Twitter users containing private emails and linked phone numbers has allegedly been offered for sale on the black market.

Cybercrime intelligence firm Hudson Rock highlighted a “credible threat” via Twitter on Dec. 24 in which someone is believed to be selling a private database containing the contact details of 400 million Twitter user accounts.

“The private database contains devastating amounts of information, including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin and more,” Hudson Rock said. , before adding that:

“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability on Twitter, as well as an extortion attempt by Elon Musk. to buy the data or face GDPR lawsuits.

Hudson Rock said that while he was unable to fully verify the hacker’s claims given the number of accounts, he said “independent verification of the data itself appears to be legitimate”.

Web3 security company DeFiYield also reviewed 1,000 sample accounts given by the hacker and verified that the data is “real”. He also contacted the hacker via Telegram and noted that he was actively waiting for a buyer there.

If proven, the breach could be a significant cause for concern for crypto Twitter users, especially those who operate under a pseudonym.

However, some users have pointed out that such a large-scale breach is hard to believe, given that the current number of active monthly users is said to be around 450 million.

As of this writing, the alleged hacker still has a message about violated database advertising to buyers. It also has a specific call to action for Elon Musk to pay $276 million to prevent the data from being sold and face a fine from the General Data Protection Regulation agency.

If Musk pays the fee, the hacker says he will delete the data and it won’t be sold to anyone else “to stop many celebrities and politicians from phishing, crypto scams, SIM swapping, Doxxing and other things”.

Hacker’s Database Announcement: Hacked

The hacked data in question is said to come from the “Zero-Day Hack” on Twitter in which an application programming interface vulnerability of June 2021 was exploited before being corrected in January of this year. The bug essentially allowed hackers to harvest private information which they then compiled into databases to sell on the dark web.

Related: Crypto Twitter confused by SBF’s $250m bond and a return to luxury

Alongside this supposed database, two others have already been identified, one with around 5.5 million users and another with up to 17 million users, according to a Nov. 27 report from Bleeping Computer. .

The dangers of leaking such information online include targeted phishing attempts via SMS and email, attacks by swapping SIM cards to obtain accounts, and doxing private information.

People are advised to take precautions such as ensuring that two-factor authentication settings are enabled for their various accounts, through an app and not their phone number, as well as changing their passwords and store them securely, and also to use a private personal account. -hosted crypto wallet.