
Scam deals with .ton domains, a major Twitter data leak, and other cybersecurity developments
Here are the week’s most important cybersecurity headlines.
- Twitter confirmed a data leak involving 5.4 million users.
- On GetGems, scam deals involving .ton domains were observed.
- Cybersecurity researchers accidentally dismantled a major botnet.
- Police arrested 55 members of the ‘Black Panthers’ gang involved in SIM swapping.
Twitter confirmed a data leak involving 5.4 million users
More than 5.4 million Twitter user records were posted for free on a hacking forum, according to Bleeping Computer.
The data were collected as far back as December 2021 through an API vulnerability in the Android client's authentication flow: anyone could submit a phone number or email address and receive the Twitter account ID linked to it.
The published records contain:
- a private email address or phone number;
- Twitter account identifier;
- real and display names;
- location;
- account URL and profile image;
- bio;
- follower and following counts;
- creation date of the account.
This database had previously been put up for sale on a hacking forum in July 2022.
The social network confirmed the incident.
Separately, security researcher Chad Loder claimed that the same vulnerability had been used to build a far larger dump containing tens of millions of Twitter records. He later posted a redacted sample of 1.3 million French users' phone numbers on Mastodon, after which his Twitter account was suspended.
Bleeping Computer learned that the new dump was circulated privately to several people. It is segmented by country and region codes, including Europe, Israel and the United States. It potentially contains more than 17 million records.
GetGems reports scam deals involving .ton domains
On the NFT marketplace GetGems, a scammer has been using the offer feature to trick .ton domain holders into selling desirable domains for next to nothing. The first to report this was the Telegram channel JpegMillionaire.
The attacker chooses offer amounts that look large at a glance. For example, an offer of 3.999 TON (about $6.84), shown as “3,999 TON” with a comma as the decimal separator, was read in haste by the seller as 4,000 TON (~$6,840); the offer's short validity window left no time to look closely.
To date, the scammer has taken control of the domains send.ton and indigo.ton.
The platform has already flagged the wallet as a scam.
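The separator trick above is a number-formatting problem, so it can be caught in code. The following Python is an added illustration, not code from GetGems or from the article: it parses an amount only under an explicit separator convention, renders it unambiguously with a fiat equivalent, and flags an offer that is the listing price with the decimal point shifted three places. Integer nanoton arithmetic (1 TON = 10**9 nanoton), the listing price as an input and the USD rate are assumptions made for the example.

```python
"""Locale-safe offer rendering and sanity checks (added example, not GetGems code).

Assumptions: amounts are integer nanoton (1 TON = 10**9 nanoton, the chain's
smallest unit); the listing price is known alongside the offer; USD_PER_TON
is a constructed rate chosen so that 3.999 TON comes to about $6.84 as in
the article.
"""
from decimal import Decimal, ROUND_HALF_UP

NANOTON = Decimal(10) ** 9
USD_PER_TON = Decimal("1.71")   # constructed rate for the example


def parse_ton(text: str, decimal_sep: str) -> int:
    """Convert a human-written amount to nanoton under an explicit convention.

    The same string "3,999" means 3.999 TON when the comma is the decimal
    separator and 3999 TON when it is a thousands separator, so an amount is
    never parsed without knowing which convention produced it.
    """
    s = text.replace(" ", "").replace("\u00a0", "")
    if decimal_sep == ",":
        s = s.replace(".", "").replace(",", ".")
    elif decimal_sep == ".":
        s = s.replace(",", "")
    else:
        raise ValueError("decimal_sep must be '.' or ','")
    return int(Decimal(s) * NANOTON)


def format_ton(nanoton: int) -> str:
    """Render with a fixed '.' decimal point and no grouping separators, so
    integer and fractional parts cannot be confused under any locale."""
    ton = Decimal(nanoton) / NANOTON
    return f"{ton:.9f}".rstrip("0").rstrip(".") + " TON"


def usd_value(nanoton: int) -> Decimal:
    """Approximate fiat value rounded to cents."""
    usd = Decimal(nanoton) / NANOTON * USD_PER_TON
    return usd.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def render_offer(nanoton: int) -> str:
    """One line a seller can check at a glance: amount plus fiat equivalent."""
    return f"{format_ton(nanoton)} (~${usd_value(nanoton):,.2f})"


def offer_warnings(offer_nanoton: int, listing_nanoton: int,
                   min_ratio: Decimal = Decimal("0.1")) -> list[str]:
    """Flag an offer far below the listing, and the specific trick of an
    offer that equals the listing with the decimal point shifted three places."""
    warnings: list[str] = []
    if offer_nanoton <= 0 or listing_nanoton <= 0:
        return ["offer and listing must be positive"]
    ratio = Decimal(offer_nanoton) / Decimal(listing_nanoton)
    if ratio < min_ratio:
        warnings.append(f"offer is {1 / ratio:.0f}x below the listing price")
    # "3.999" read as "3,999": the offer times 1000 lands within 1% of the listing.
    if abs(offer_nanoton * 1000 - listing_nanoton) <= listing_nanoton // 100:
        warnings.append("offer is the listing price with the decimal point shifted; likely a separator trick")
    return warnings


if __name__ == "__main__":
    listing = parse_ton("4,000", ".")          # 4000 TON, the listed price
    scam = parse_ton("3,999", ",")             # 3.999 TON, comma as decimal separator
    print(render_offer(scam), "vs listing", render_offer(listing))
    for w in offer_warnings(scam, listing):
        print("WARNING:", w)
```

The two checks are deliberately separate: the ratio test catches any lowball offer, while the shifted-decimal test is specific to the lookalike amount and fires even when a marketplace lets sellers accept offers below a configured minimum.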
LastPass password manager hit by another breach
The LastPass password manager said attackers breached a third-party cloud storage service it uses and gained access to customer data. This is the company's second incident in three months.
In the August 2022 attack, the development environment was breached through a compromised developer account; this time the attackers used information stolen in that incident to get in.
The cloud storage service is shared with GoTo, LastPass's parent company, which was also affected.
The developers assured that customer passwords were not compromised.
LastPass notified law enforcement and launched an internal investigation with the participation of cybersecurity firm Mandiant.
Cybersecurity researchers accidentally deactivated a major botnet
Experts at Akamai, while studying the KmsdBot botnet, inadvertently deactivated it.
The malware infected Windows and Linux devices and used them for covert cryptocurrency mining and DDoS attacks.
During testing, the researchers sent it a malformed command (a missing space between two arguments), which crashed the bot; because it has no persistence mechanism, it did not come back.
To operate the botnet again, its operators would have to reinfect devices from scratch.
Police arrest 55 members of the ‘Black Panthers’ gang involved in SIM-swapping
The National Police of Spain arrested 55 members of the cybercrime group known as the “Black Panthers.”
Using SIM-swapping, the criminals gained access to victims’ text messages and bypassed two-factor authentication on their bank accounts.
The gang had a sprawling structure, specializing in social engineering, phishing and cash-out operations. Among those arrested was one of the group’s leaders, who coordinated cell activity and recruited money mules.
Investigators estimate the Black Panthers deceived at least 100 victims. The damage amounted to €250,000 ($260,000).
Separately, Spanish police dismantled a group that ran a network of fake investment sites promising returns on crypto investments. Six members were arrested. They defrauded more than €12.3 million ($12.8 million) from 300 people across Europe.
Beeline employee data exposed online
Confidential information for almost all Beeline employees has been published publicly, according to the Telegram channel “Information Leaks.” The hacker claims to have obtained the data from the company’s directory service.
To substantiate his claims, he provided four LDIF files containing exports from the Moscow, Southern, Ural, and Central regions.
The databases contain:
- 198,050 unique logins on the vimpelcom.ru domain;
- 67,480 email addresses on the beeline.ru domain;
- 89,519 mobile numbers;
- 10,969 landline numbers;
- full names (Base64-encoded, which is how LDIF stores non-ASCII values such as Cyrillic names) and other operational information.
Beeline confirmed the leak, noting that customer data remains secure.
An internal investigation is underway.
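LDIF, the format of the exported files, writes any value that is not printable ASCII, such as a Cyrillic name, as Base64 after a double colon, which is why the names appear "in Base64"; it is a serialization convention, not obfuscation. The following Python is an added example, not code from the leak or from Beeline: it reads such an export (including folded lines and `::` values) and derives the kind of per-domain counts quoted above. The sample LDIF is constructed, with placeholder names and example domains, and the attribute layout (userPrincipalName, mail, mobile, telephoneNumber, cn) is an assumed Active Directory-style schema.

```python
"""Minimal LDIF reader and leak-triage summary (added example; constructed data).

LDIF (RFC 2849) emits values that are not printable ASCII as
'attr:: <base64>' and folds long values onto continuation lines that start
with a single space. The sample below is constructed: placeholder names,
example domains and an assumed Active Directory-style attribute layout.
"""
import base64
import re

SAMPLE_LDIF = """\
version: 1

dn: CN=user001,OU=Staff,DC=corp,DC=example
objectClass: person
sAMAccountName: user001
userPrincipalName: user001@vimpelcom.example
mail: user001@beeline.example
mobile: +7 900 000-00-01
telephoneNumber: +7 495 000-00-01
cn:: 0JjQstCw0L3QvtCyINCY0LLQsNC9

dn: CN=user002,OU=Staff,DC=corp,DC=example
objectClass: person
sAMAccountName: user002
userPrincipalName: USER002@vimpelcom.example
mobile: +7 900 000-00-02
cn:: 0J/QtdGC0YDQvtCyINCf0ZHRgtGA
description: line one
  continued on a folded line
"""


def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Return one dict per entry, mapping lower-cased attribute -> values."""
    # Unfold: a line beginning with a single space continues the previous one.
    logical: list[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries: list[dict[str, list[str]]] = []
    current: dict[str, list[str]] = {}
    for line in logical + [""]:            # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # 'attr:: <base64>' (non-ASCII value)
            decoded = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:                               # 'attr: value' ('attr:< url' is kept raw)
            decoded = value.strip()
        current.setdefault(attr.strip().lower(), []).append(decoded)
    return entries


def normalize_phone(value: str) -> str:
    """Keep digits only so '+7 900 000-00-01' and '79000000001' dedupe together."""
    return "+" + re.sub(r"\D", "", value)


def values(entries: list[dict[str, list[str]]], attr: str) -> list[str]:
    """All values of one attribute across all entries (attribute names are case-insensitive)."""
    return [v for e in entries for v in e.get(attr.lower(), [])]


def summarize(entries: list[dict[str, list[str]]], login_domain: str, mail_domain: str) -> dict[str, int]:
    """Counts of the kind quoted for a leaked directory export: unique logins on
    one domain, unique e-mail addresses on another, mobiles, landlines, names."""
    login_suffix = "@" + login_domain.lower()
    mail_suffix = "@" + mail_domain.lower()
    logins = {v.lower() for v in values(entries, "userPrincipalName") if v.lower().endswith(login_suffix)}
    mails = {v.lower() for v in values(entries, "mail") if v.lower().endswith(mail_suffix)}
    mobiles = {normalize_phone(v) for v in values(entries, "mobile")}
    landlines = {normalize_phone(v) for v in values(entries, "telephoneNumber")}
    return {
        "logins": len(logins),
        "emails": len(mails),
        "mobiles": len(mobiles),
        "landlines": len(landlines),
        "names": len(values(entries, "cn")),
    }


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for entry in parsed:
        print(entry["dn"][0], "->", entry.get("cn", ["?"])[0])
    print(summarize(parsed, "vimpelcom.example", "beeline.example"))
```

Counting unique values after case-folding and phone normalization matters when triaging a dump: the same person often appears in several regional exports, so raw line counts overstate the number of affected people.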
Also on ForkLog:
- Ledger denied reports that it collects users' personal data.
- The crypto exchange Coinsquare acknowledged a data breach.
- The hacker who breached FTX transferred 255 BTC to the OKX exchange.
- In November the crypto industry lost more than $391 million to hacks.
- Report: the number of scam videos targeting traders on YouTube grew by 500%.
- DeFi protocol Ankr was hacked. The price of aBNBc collapsed to zero.
What to read this weekend?
We review material on how artificial intelligence and machine learning are helping cybersecurity for organisations and their customers.
Follow ForkLog’s bitcoin news in our Telegram — cryptocurrency news, prices and analysis.
ForkLog newsletters: keep your finger on the pulse of the bitcoin industry!