Hackers are claiming to have gotten their hands on the data of 400 million Twitter users and put it up for sale on the black market.
The data reportedly contains private emails and linked phone numbers of high-profile Twitter users.
On Saturday, cybercrime intelligence firm Hudson Rock claimed that it discovered a ‘credible threat actor’ selling the stolen Twitter data.
‘The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more,’ said Hudson Rock in a tweet.
‘In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.’
Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, an ‘independent verification of the data itself appears to be legitimate’.
Web3 security firm DeFiYield also had a look at 1,000 accounts the hacker claimed to have and verified that the data was ‘real’.
It also reached out to the hacker via Telegram and noted that they are actively waiting for a buyer.
The breached data in question is understood to have come from the ‘Zero-Day Hack’ from 2021 that allowed hackers to scrape private info which they then compiled into databases to sell on the dark web. The bug was patched in January this year.
‘We have seen data breaches like this before advertising personal information on websites for payments which have turned out to have been largely incorrect,’ said global cybersecurity advisor Jack Moore.
‘Cybercriminals often hack a small fraction of data and then claim to have far more in their database in order to increase a ransom payment. However, a fraction of the leaked data has been confirmed and can have major consequences with their stolen sensitive information.’
Moore has advised people to remain alert to phishing emails and other potential attacks, which often follow breaches like this.
‘It is also vital to have two-factor authentication turned on for Twitter and other accounts such as digital wallets.’