Swirling in the turbulent blue vortex of check marks and near-daily tumult that is Elon Musk’s Twitter, another new and troubling story broke earlier this week. According to a massive discovery made by cybercrime intelligence agency Hudson Rock, the user data from more than 400 million Twitter accounts in December 2021 has been exposed, with said data now up for sale on the dark web.
The “credible threat actor” behind this worrying breach shared a sample of the stolen data to demonstrate its authenticity. Accounts’ usernames as well as real names, emails addresses, phone numbers and more were allegedly pulled, including data from high-profile users like government officials and agencies (e.g. Alexandria Ocasio-Cortez, NASA’s James Webb Space Telescope account, and the WHO) on top of musical celebrities, accounts of foreign authorities, the NBA and others.
According to Dataconomy, Hudson Rock suspects that the hacked information was accessed through an API vulnerability. This flaw, while purportedly fixed in January of this year, was evidently still accessed and abused.
On a hacker forum, the threat actor claimed this is a “sensitive time” before (in what seemed like a direct retort to Musk) said “… just run a poll like usual and people will choose their fate” (as Musk has often done in the past, regarding polling about politics, charged social discourse, and even the status of a new Twitter CEO if he were to step down).
It appears the hacker’s goal is to sell 2021 data back to Musk and Twitter as a whole; for them to buy the data exclusively in order to avoid paying larger GDPR breach fines.
Not only are many now-public identities under the microscope, but banking information and addresses can also often be found via access to phone numbers. (And with more exposed account info, potential phishing attempts and dangerous crypto scams can be enacted more easily, too.)
Right now, tips for lower-profile users include enabling 2FA (via an app, as opposed to a phone number) along with securely-stored passwords, and the use of private, self-hosted crypto wallets for any to which this applies.
This story will be monitored as it develops, with the hopes that Twitter is able to rectify the situation without seeing more data fall in harm’s way.
Antivirus software is not enough. Apex Technology Services used its decades of IT and cybersecurity
experience to create budget-friendly network security packages every company needs.
Please take a moment to fill out your information so we can contact you directly regarding your request.
Financial phishing scams, a prevalent form of bank scams in Australia, have plagued Australians for years, leading to significant financial and emotio…
Endpoint Detection and Response (EDR) is a cybersecurity technology that continuously monitors and responds to various threats to an organization's ne…
With the rise of cyber-attacks and high-profile data breaches, companies are increasingly recognizing the need to integrate security into every phase …
A business's brand reputation can either make or break the business. It's a powerful concept that can influence customers, attract new clients, and in…
In the fast-paced landscape of modern software development, the tools and practices you choose can make or break the efficiency of your development pi…