Threat Actor Claims 400 Million Twitter Users' Data for Sale


Swirling in the turbulent blue vortex of check marks and near-daily tumult that is Elon Musk’s Twitter, another new and troubling story broke earlier this week. According to a massive discovery made by cybercrime intelligence agency Hudson Rock, the user data from more than 400 million Twitter accounts in December 2021 has been exposed, with said data now up for sale on the dark web.

The “credible threat actor” behind this worrying breach shared a sample of the stolen data to demonstrate its authenticity. Accounts’ usernames as well as real names, email addresses, phone numbers and more were allegedly pulled, including data from high-profile users like government officials and agencies (e.g. Alexandria Ocasio-Cortez, NASA’s James Webb Space Telescope account, and the WHO) on top of musical celebrities, accounts of foreign authorities, the NBA and others.

According to Dataconomy, Hudson Rock suspects that the hacked information was accessed through an API vulnerability. This flaw, while purportedly fixed in January of this year, was evidently still accessed and abused.

On a hacker forum, the threat actor claimed this is a “sensitive time” before (in what seemed like a direct retort to Musk) said “… just run a poll like usual and people will choose their fate” (as Musk has often done in the past, regarding polling about politics, charged social discourse, and even the status of a new Twitter CEO if he were to step down).

It appears the hacker’s goal is to sell the 2021 data back to Musk and Twitter as a whole, so that they buy the data exclusively in order to avoid paying larger GDPR breach fines.

Not only are many now-public identities under the microscope, but banking information and addresses can also often be found via access to phone numbers. (And with more exposed account info, potential phishing attempts and dangerous crypto scams can be enacted more easily, too.)

Right now, tips for lower-profile users include enabling 2FA (via an app, as opposed to a phone number) along with securely stored passwords, and the use of private, self-hosted crypto wallets for anyone to whom this applies.

This story will be monitored as it develops, with the hopes that Twitter is able to rectify the situation without seeing more data fall in harm’s way.

Edited by Erik Linask