A hacker has put up for sale a database of 400 million Twitter users, including the contact details of Ethereum founder Vitalik Buterin, Shark Tank star Kevin O’Leary, and billionaire Mark Cuban. Hudson Rock flagged the development.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
In a December 23 announcement, the seller claimed to have obtained the data in early 2022 through a vulnerability in the social network. The database contains names, mobile phone numbers and email addresses.
The anonymous seller provided a sample fragment of data covering 1,000 famous users. He also offered Twitter CEO Elon Musk the chance to buy the database, to head off its sale and the ensuing penalties for the breach, totalling $276 million.
Hudson Rock was unable to fully verify the hacker’s claims, given the volume of accounts. Web3 security firm DeFiYield, however, corroborated the “reality” of the information provided by the seller.
Some were skeptical about the possibility of such a large-scale breach, given that the current monthly active user base is around 450 million.
Such information could potentially be used for phishing, SIM swapping and doxing.
There are some serious concerns with this.
#1 — Identities of many pseudo accounts will be public, posing risks for them
#2 — With a phone number, it’s super easy to find anyone’s address and banking information.
#3 — Multiple phishing attempts via cellphone, physical, or email
— Haseeb Awan — efani.com (@haseeb) December 25, 2022
As reported in late November, Twitter confirmed a data breach affecting 5.4 million users. The data was obtained in December 2021 via an API vulnerability tied to the Android client’s authentication flow, which allowed people to submit phone numbers and email addresses to obtain a Twitter identifier.
The same exploit allowed the creation of a data dump, presumably containing more than 17 million records.
The vulnerability was fixed in January 2022.
