Hackers claim to have stolen the data of 400,000,000 Twitter users

Anugraha SundaraveluPublished Dec 26, 2022, 2:25pm|Updated Dec 26, 2022, 6:25pm

The data in question seems to have come from a ‘Zero-Day Hack’ from 2021 (Picture: Getty Images)

Hackers are claiming to have gotten their hands on the data of 400 million Twitter users and put them up for sale on the black market.

The data reportedly contains private emails and linked phone numbers of high-profile Twitter users.

On Saturday, cybercrime intelligence firm Hudson Rock claimed that it discovered a ‘credible threat actor’ selling the stolen Twitter data.

‘The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more,’ said Hudson Rock in a tweet.

‘In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits,’

BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.

The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022

Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, it said that an ‘independent verification of the data itself appears to be legitimate,’

Web3 security firm DeFiYield also had a look at 1,000 accounts the hacker claimed to have and verified that the data was ‘real’.

It also reached out to the hacker via Telegram and noted that they are actively waiting for a buyer.

The breached data in question is understood to have come from the ‘Zero-Day Hack’ from 2021 that allowed hackers to scrape private info which they then compiled into databases to sell on the dark web. The bug was patched in January this year.

3/ We were able to get in touch with the hacker: we have addressed the question related to the data leak.

The person has been online, as they saw our messages.

Hacker is passionately waiting for the potential seller on TG.

Their contact info can be easily found in 1st tweet. pic.twitter.com/9BEvGG6u0F
— DeFiYield ð¡ï¸ Web 3 Security (@DefiyieldSec) December 25, 2022

‘We have seen data breaches like this before advertising personal information on websites for payments which have turned out to have been largely incorrect,’ said global cybersecurity advisor, Jake Moore.

‘Cybercriminals often hack a small fraction of data and then claim to have far more in their database in order to increase a ransom payment. However, a fraction of the leaked data has been confirmed and can have major consequences with their stolen sensitive information,’

Moore has advised people to remain alert to phishing emails and other potential attacks which often follow through after breaches like this.

‘It is also vital to have two-factor authentication turned on for Twitter and other accounts such as digital wallets,’

MORE : Mastodon gains millions of new users as Twitter exodus continues

MORE : How to make a Twitter bot

Sign Up for News Updates

Get your need-to-know latest news, feel-good stories, analysis and more

Share this with