According to reports on Sunday, the information of at least 400 million Twitter users was compromised and sold on the dark web.
The World Health Organization (WHO), the National Aeronautics and Space Administration (NASA), and the Ministry of Information and Broadcasting, among other organizations, are said to have had their data stolen.
Important information including user names, email addresses, and phone numbers are among the details included in the stolen material.
According to rumours, Twitter has been offered a bargain by the hacker who claims to have stolen the data.
He tweeted on Twitter: “If you are reading this piece, you are already in danger of GDPR fines because over 54 million users’ data was leaked by Twitter or Elon Musk. There are now consequences for the 400 million user data leak.” He cautioned Twitter to exercise caution.
Additionally, the hacker has offered to sell the data. He declared himself willing to work with any middleman. Meanwhile, experts speculate that an API bug may be to blame for this data leak.
Data from more than 400 million Twitter accounts has been made public and is currently being sold on the dark web. The hacker asserts that the information, which includes the email addresses and phone numbers of prominent people, government figures, companies, and everyday consumers, is confidential. Hudson Rock, an Israeli cyber intelligence organisation, reportedly found the posting first.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
A sample of the data was shared on one of the hacker forums by the hacker to demonstrate the authenticity of the data. The followings are included in the Twitter data breach sample data:
- Email addresses
- Numbers of followers
- Profiles’ dates of creation
- Phone numbers
The sample collection has a lot more information from famous users. However, most of the traces will point to the social media staff. If the data breach is real, it will be immensely harmful. Alon Gal, the CTO and co-founder of Hudson Rock, hypothesises that the data was obtained using an API flaw that gave the threat actor access to query any email or phone number and obtain a Twitter profile.