Twitter data breach: Hacker put 200M users' private information up for grabs

Published at: Jan. 5, 2023

200 million Twitter users’ private information, including their email addresses, was put for sale after a breach exposed 400M users’ private information in the last week of December 2022.

The hacker behind the December breach has earlier demanded $200,000 from Twitter in a bid to return the stolen data and warned if the demand is not fulfilled, the data will be released for free. The latest set of data posted on the hacker forum has been traced back to the same breach from December 2022.

I went to change my email address and Twitter isn't working. This hack puts activists and whistleblowers in danger. https://t.co/5SrSejgvO6

— Ian Linkletter (@Linkletter) January 5, 2023

Researchers at Privacy Affairs confirmed that the leaked data set on the hacker forum is the same from December. The 200 million number, in this case, resulted from the removal of duplicates. The released data set doesn’t contain phone numbers. The researchers warned that these data sets could be used to initiate social engineering or "doxing" campaigns.

The data set was originally 63GB, but after removing duplicates and compressing the files, the size of the latest data set was reduced to 4GB and free to download. 

The hacker also noted that the analysis of original file dates and account creation dates “strongly suggest" that this was collected from early November 2021 through December 14, 2021.

Related: LastPass data breach led to $53K in Bitcoin stolen, lawsuit alleges

Many users on Twitter demanded that the social media platform looks into security as these hacks put activists and whistleblowers in danger.

I went to change my email address and Twitter isn't working. This hack puts activists and whistleblowers in danger. https://t.co/5SrSejgvO6

— Ian Linkletter (@Linkletter) January 5, 2023

Some of the popular and known names and entities include Sundar Pichai, Donald Trump Jr., SpaceX, CBS Media, the NBA, and the WHO. The data breach vulnerability has been patched now, but tracing back to the hack, it seems the same vulnerability was used for another exploit in July 2022.

Tags
Regulation
Hacks
Hackers
Privacy
Twitter
Data
Related Posts
Updated: New US Treasury sanctions on Russian hackers aim for Monero
Per its Wednesday additions to its list of sanctioned individuals, the United States Treasury Department is targeting Monero (XMR) addresses. Russian nationals Dmitriy Karasavidi and Danil Potekhin have become the newest names on the specially designated nationals list. According to the Treasury’s announcement on the subject, the two engineered an elaborate phishing campaign targeting U.S. citizens in 2017 and 2018. Both parties had a number of cryptocurrency addresses including Bitcoin (BTC) and Ether (ETH), as well as Zcash (ZEC) and Litecoin (LTC). Surprisingly, Karasavidi’s information includes a Monero address: 5be5543ff73456ab9f2d207887e2af87322c651ea1a873c5b25b7ffae456c320. Given Monero's famous built-in privacy features, this is a huge …
Regulation / Sept. 16, 2020
Law Decoded: Governments vs. blockchain privacy, Sept. 4-11
Every Friday, Law Decoded delivers analysis on the week’s critical stories in the realms of policy, regulation and law. Editor’s note One of the most persistent myths about Bitcoin is its supposed anonymity. More properly termed pseudonymity, BTC wallets are permanently tied to their public keys. Most of you know that. But it took government investigators years of trying to corral Bitcoin transactions on dark web marketplaces like the Silk Road to figure that out. Now, however, blockchain analysis is a growing industry, catering to a range of clients including many of the most shadowy of government agencies. This was …
Regulation / Sept. 11, 2020
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023
Web3 is the solution to Uber’s problem with hackers
Uber is a staple of the gig economy, for better or worse, and a disruptor that once sent shockwaves throughout the mobility space. Now, however, Uber is being taken for a ride. The company is handling a reportedly far-reaching cybersecurity breach. According to the ride-hailing giant, the attacker has not been able to access sensitive user data, or at least, there is no evidence to suggest otherwise. Whether or not sensitive user data was exposed, this case points to a persistent issue with today’s apps. Can we continue to sacrifice our data — and thereby our privacy and security — …
Defi / Oct. 1, 2022
LastPass data breach led to $53K in Bitcoin stolen, lawsuit alleges
A class action lawsuit has been filed against password management service LastPass following a data breach from Aug. 2022. The class action was filed with the U.S. district court of Massachusetts on Jan. 3, by an unnamed plaintiff known only as “John Doe” and on behalf of others similarly situated. It alleges that the data breach of LastPass has resulted in the theft of around $53,000 worth of Bitcoin. The plaintiff claimed he began accruing BTC in Jul. 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices.” …
Business / Jan. 5, 2023