400 million Twitter accounts hacked
Twitter has fallen victim to a new data breach. Thanks to a security breach, a hacker managed to siphon data from 400 million verified accounts. He put this information up for sale on a forum and invited Elon Musk to make him an offer.
A hacker has put a database containing personal information up for sale 400 million verified Twitter accounts on Breached, a hacker forum. There are email addresses and phone numbers for each account. Thus, the anonymity of Internet users is violated.
Also read: Arcom worried about massive layoffs by Twitter boss Elon Musk
Many celebrities attended
In the statement, the hacker calling himself Ryushi recommends the new head of Twitter, Elon Musk, to buy the database in order to protect the members of the social network. According to him, the settlement agreement will allow the American platform to avoid the fine GDPR violation (General Data Protection Regulation), in force in Europe since 2018. In order to convince Elon Musk to pull out his checkbook, Ryushi reminds him that this sensitive information could make it easier to deploy scams or phishing attacks.
The hacker clarifies that the leak is included information of many celebritiesincluding politicians or business leaders. To prove his claims, the hacker shared examples of stolen data. For example, there is information on the Twitter account of the American Democrat Alexandria Ocasio-Cortez or the CEO of Google, Sundar Pichai. Several leading figures in the cryptocurrency world are also concerned. This is the case Vitalik ButerinHe is one of the creators of the Ethereum blockchain.
BREAKING: Hudson Rock Discovers Credible Threat Actor Selling Data of 400,000,000 Twitter Users.
The private database contains devastating information including emails and phone numbers of high-profile users such as AOC, Kevin O’Leary, Vitalik Buterin and more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Hudson Rock has computer security experts confirmed its authenticity hacked data. After independent verification, researchers believe the hacker is telling the truth. Apparently, the data of 400 million Twitter users is for sale. This is also the opinion of DefiYield, a decentralized finance platform. It explains that it has ” verified each of the 1,000 accounts provided by the hacker”.
? DATA OF 400 MILLION TWITTER ACCOUNTS LEAKED!!! ?
⚡️ EVERY TWITTER ACCOUNT INCLUDES: email, phone number and username!
? YOU HAVE CONTACTED A HACKER ? pic.twitter.com/zL2SdLrbYn
— DeFiYield ?️ Web 3 Security (@DefiyieldSec) December 25, 2022
The seller does not mention prices in his ad. To agree on the price, you need to contact the pirate via private message or Telegram. It states that it will be transferred to the database high price to the highest bidder If Elon Musk doesn’t react.
“Twitter hasn’t approached me yet, I’ve only offered the data if they want it, but if I can’t sell it to them, I’ll take other people’s offers.”explains Ryushi on the forum.
Twitter security breach
In the forum Ryushi claims to be exploiting A loophole in the Twitter code. He claims he used the breach to steal data between 2021 and 2022. Alon Gal, CEO of the Hudson Rock firm on Linkedin, believes that the hacker was likely referring to Twitter’s API (Application Programming Interface) breach. Thanks to this tool, he was able to bypass the security of the social network and siphon data from any account.
Reminiscent of surgery in the eyes of an expert Hacking facebook in 2019. That year, the attacker managed to steal the data of 533 million users registered on the social network. The phone numbers of millions of French people have been hacked. According to Facebook, a mysterious hacker has hijacked the contacts import function to extract data stored on its servers.
A Twitter hacker would do the same. Note that the “Let people who have your phone number find you on Twitter” feature is the source of a data leak that was discovered a few months ago. Introduced via an update in June 2021, the flaw was fixed by Twitter engineers in early 2022. Several hackers exploited the apparent vulnerability before the company could react.