400M Twitter users' data is reportedly on sale in the black market

Published at: Dec. 26, 2022

Data on 400 million Twitter users, including private emails and linked phone numbers, has reportedly been put up for sale on the black market.

Cybercrime intelligence firm Hudson Rock highlighted a “credible threat” via Twitter on Dec. 24 in which someone is supposedly selling a private database containing contact information of 400 million Twitter user accounts. 

“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more,” Hudson Rock stated, before adding that:

“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.”

Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, an “independent verification of the data itself appears to be legitimate.”

BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data. The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1

— Hudson Rock (@RockHudsonRock) December 24, 2022

Web3 security firm DeFiYield also had a look at 1,000 accounts given as a sample by the hacker and verified that the data is “real.” It also reached out to the hacker via Telegram and noted that they are actively waiting for a buyer there.

If found true, the breach could be a significant cause for concern for crypto Twitter users, particularly those who operate under a pseudonym.

However, some users have highlighted that such a large-scale breach is hard to believe, given that the current number of monthly active users reportedly sits at around 450 million.

At the time of writing, the purported hacker still has a post up on Breached advertising the database to buyers. The post also includes a specific call to action for Elon Musk to pay $276 million to avoid having the data sold and facing a fine from the General Data Protection Regulation agency.

If Musk pays the fee, the hacker says they will delete the data and it will not be sold to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things.”

The breached data in question is understood to have come from the “Zero-Day Hack” on Twitter in which an application programming interface vulnerability from Jun. 2021 was exploited before it was patched in January this year. The bug essentially allowed hackers to scrape private info which they then compiled into databases to sell on the dark web.


Alongside this supposed database, two others have previously been identified, with one consisting of around 5.5 million users and another thought to contain as much as 17 million users, according to a Nov. 27 report from Bleeping Computer.

The dangers of having such info leaked online include targeted phishing attempts via text and email, SIM swap attacks to take over accounts and the doxing of private information.

There are some serious concerns with this.
#1 - Identities of many pseudo accounts will be public, posing risks for them
#2 - With a phone number, it's super easy to find anyone's address and banking information.
#3 - Multiple phishing attempts via cellphone, physical, or email

— Haseeb Awan - efani.com (@haseeb) December 25, 2022

People are being advised to take precautions such as making sure two-factor authentication settings are turned on for their various accounts, via an app and not their phone number, along with changing their passwords and storing them securely, and also using a private, self-hosted crypto wallet.
