The sample data seen by Hackread.com reveals that the data on offer also includes information on top celebrities and political figures, such as Democratic Rep. Alexandria Ocasio-Cortez and Bollywood's Salman Khan.
On December 23, 2022, a threat actor going by the handle "Ryushi" claimed to be selling the personal details of more than 400 million Twitter users on BreachedForums, a cybercrime and hacking forum that surfaced as an alternative to the now-seized Raidforums.
As seen by Hackread.com, the sample data attached to the post contains private email addresses, usernames, follower counts, creation dates, and, in certain cases, the user's phone numbers.
The sample data also contains a number of well-known user accounts, including New York Democratic Rep. Alexandria Ocasio-Cortez, Ethereum cryptocurrency founder Buterin, Indian actor Salman Khan and cybersecurity reporter Brian Krebs.
It's worth mentioning that the latest data leak came just one month after a hacker leaked the contact and personal details of over 5.3 million Twitter users online. Both the earlier and the latest incidents are now being investigated by Irish authorities.
The threat actor stated in the post that the data had been "scraped through a vulnerability" but didn't specify any further details.
Further, they openly advised the CEO of the social media giant, Elon Musk, that he can buy this data directly from the hacker instead of "paying $276 million USD in GDPR breach fines like Facebook did" but didn't specify a price at which the data is being sold.
Offering to conduct the "deal" through a middleman, the threat actor states, "After that, I'll remove this thread and won't sell this data again. And data won't be sold to anyone else, which will stop lots of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing, and other things that will make your users lose trust in you as a company and thus stunt the current growth and hype."
Researchers who have seen the sample data believe that this alleged data leak is the result of an API flaw that allowed the threat actor to search for any email address or phone number and get back a Twitter profile.
This attack came only months after Twitter entered into a consent order with the US Federal Trade Commission binding it to maintain a privacy and information security program for the next 20 years.
The settlement ended a federal investigation into Twitter's use of phone numbers and email addresses for advertising purposes when they had been collected for use in multi-factor authentication. Twitter also paid a $150 million civil penalty.
Therefore, if this data breach is verified, the impact on Twitter would be drastic both financially and socially. At the time of writing, the data was still up for grabs.