A sample of the database posted on the dark web includes the emails and phone numbers of Democrat Rep. Alexandria Ocasio-Cortez, Apple co-founder Steve Wozniak, Ethereum co-founder Vitalik Buterin, SpaceX, the US Department of the Interior, and the World Health Organization (WHO), to name a few. It is impossible to verify the authenticity of the information at this time. However, cybersecurity intelligence company Hudson Rock said it is a “credible threat.” Other security experts have also verified the data. The hacker threatened dire consequences, including huge fines, if the massive database is leaked.
Hacker Accessed Data Via Twitter Vulnerability
According to the threat actor, a vulnerability on Twitter allowed them to access the data. In addition to usernames and email addresses, the sample data also includes mobile numbers, the number of followers, and the dates the respective accounts were created. DeFiYield contacted the hacker and also verified the validity of the data. In a tweet, the Web3 cybersecurity firm said a majority of the leaked data is “real.” Mobile security expert Haseeb Awan, who also verified the sample data, warned about the consequences of the trove getting leaked online. Awan said such a leak would not only compromise the privacy of affected users but may also expose their physical addresses and banking information, leaving them open to phishing attacks and SIM swap attacks. In their post, the threat actor noted that Twitter might be faced with a hefty fine like Facebook if the company fails to purchase the stolen data. In November, Facebook was fined €276 by Ireland’s Data Protection Commission (DPC) for an April 2021 breach that exposed the data of about 533 million users. The hacker said they would delete the stolen data and not share it with other parties if Twitter purchased it. This would “prevent a lot of celebrities and politicians from Phishing, Crypto Scams, Sim swapping, Doxxing, [sic] and other things…” they wrote. The news of this hack surfaced on the same day the DPC announced it was launching an investigation into reports of a breach that compromised the data of more than 5.4 million Twitter users.
Security Tips for Twitter Users
Twitter is certainly in a bit of a conundrum right now, following sweeping layoffs in the tumultuous aftermath of Elon Musk’s takeover. Whether you are a high-profile Twitter user or not, you can protect your privacy by enabling two-factor authentication. We also recommend using a top-rated password manager and a reliable VPN.