400 Million Twitter Users’ Data was For Sale On The Illicit Market

400 Million Twitter Users’ Data was For Sale On The Illicit Market

As per rumors, 400 million Twitter users’ private emails and linked phone numbers were available for purchase on the black market. The claimed credible threat of selling a private database counting the contact information of 400 million Twitter user accounts were made by the cybercrime intelligence firm Hudson Rock on December 24. However, It has not been possible to fully verify the hacker’s claims due to a large number of accounts, but as stated by Hudson Rock, independent verification of the material itself seems to be true.

A Web3 security firm called DeFiYield evaluated the 1,000 accounts the hacker gave as a sample and determined that the data was “real.” It also talked with the hacker on Telegram, indicating their keen anticipation of a transaction there. If true, the negotiation could put Twitter users who use pennames and cryptocurrency at serious risk. However, considering that there are approximately 450 million active monthly users, several people have commented that it is difficult to imagine such a big breach.

Presently, time of writing, the claimed hacker still has a post on contravened advertising of the database to buyers. Elon Musk is purposely recommended to pay $276 million to stop the sale of the data and avoid General Data Protection Regulation agency fines. Musk must pay the ransom before the hacker destroys the data and makes a guarantee not to sell it to anyone else, they claim that to spare many politicians and celebrities from Phishing, Crypto scams, Sim swapping, Doxxing, and other things.

On Twitter, the “Zero-Day Hack” involved the exploitation of an application programming interface vulnerability from June 2021 before it was mended in January of this year, which is thought to be the source of the conceded data in question. By commendably scraping sensitive information, hackers were able to form databases that they later sold on the dark web. As per the reports, from Bleeping Computer on November 27, in addition to this suspected database, two others have also been revealed, one of which is believed to have as many as 17 million users, and the other of which has approximately 5.5 million users.

Targeted attempts on phishing via email and text, sim switch attacks to access accounts and the doxing of private information are risks related to having such information released online. Therefore, people are anyhow encouraged to take safeguards including updating their passwords and storing them securely, making use of a private self-hosted crypto wallet, and ensuring sure two-factor authentication settings are enabled for all their multiple accounts, via an app and not by their phone number.

On the other hand, DeFiYield asserted that the 1,000 rows provided by the hacker as an example did indeed match the actual data after taking a closer look. However, given that there are 400 million active users on the social network each month, it is surprising that a data leak was not discovered sooner by the Twitter staff and Elon Musk when he acquired the business.

Hacker calls out Elon Musk

If this data leak is accurate, it may be quite concerning for participants in the cryptocurrency ecosystem who use Twitter under aliases or pseudonyms because their identities may be made public. Scammers face an even bigger threat since they might be held accountable for their actions in court.

Of course, average consumers are the ones who are most at risk. Malicious actors may use these email addresses to conduct phishing attacks. Email is still frequently used to spread frauds that allow for the theft of cryptocurrencies or NFTs. The hacker called out Elon Musk in addition to offering the data file for sale. He promised to provide him $276 million in exchange for his not selling the data and forgoing a fine from the General Data Protection Regulation (GDPR) agency.

In case you forgot, CNIL fined Uber in 2018 for disclosing private information on 57 million users, including 1.4 million in France. Some users believed that the fine, which totalled 400,000 euros for the French subsidiary, was too low.

For the Latest Crypto News follow the Coinography and Subscribe our YouTube channel or follow us on social media platforms like Twitter, Facebook, Instagram and Linkedin.

You Might Also Like

About Maria Morgan

Maria Morgan is a full-time cryptocurrency journalist at Coinography. She is graduate in Political Science and Journalism from London, her writing is centered around cryptocurrency news, regulation and policy-making across the glob.

View all posts by Maria Morgan →