On the Hacker Breached forums, just weeks before, a data set allegedly comprising the emails and telephone numbers of nearly 400 million Twitter users had been posted. This dataset was originally uploaded by “Ryushi,” a hacker who used the screenname Ryushi.
Cyber Security Hub said that the hacker claimed to have obtained the data using a “data-scraping technique” and an unpatched flaw in Twitter’s software. For $200,000, the hacker wanted to sell the data “exclusively” and threatened that social media platforms could be subject to a huge GDPR penalty for not protecting user data.
Ryushi claimed that the best way to avoid $276 million in GDPR breach penalties like Facebook’s was to purchase this data only.
This forum post included data samples for 37 celebrities, companies, journalists, politicians and government agencies. These included Doja Cat and Alexandria Ocasio–Cortez from the World Health Organization, Shawn Mendes and Piers Morgan.
Get Data for Free
Privacy Affairs researchers also revealed that evidence was found that over 200 million Twitter account information had been downloaded to the hacker forum.
Veronika Bilicska, Privacy Affairs’ content manager, stated via email that “this new leak seems to be identical as the one in December 2022 which affected more than 400 million accounts.” In this instance, the 200 million figure was due to duplicates being removed.
Privacy Affairs reports that data now appears to be available free of charge for all users, rather than being sold at $200,000 like it was in December. Sundar Paichai is one of many well-known entities, as are Donald Trump Jr. SpaceX, CBS Media and the NBA.
It was reported that the database had a size of 63GB. The hackers could use the data to hack Twitter user accounts. Researchers also warned of potential social engineering and “doxxing” campaigns.
Privacy Affairs analysts however determined that the leaked numbers did not contain phone numbers.
What does all this mean for you?
The latest breach should not be dismissed easily, particularly for anonymous users who posted controversial content.
This leak basically doesxxes high-profile users’ personal email addresses, which could be used to spam, harass, or even hack their accounts. Miklos Zoltan (CEO Privacy Affairs) said high profile users might be inundated with spamming attempts and phishing attempts.
BullWall executive vice president Steve Hahn (cybersecurity researcher) suggested that the breach be considered very concerning.
Hahn stated that the threat actor initiated the monetization by extorting important people. This is likely to be how it ends. In December 2017, Elon Musk was the victim of extortion. This data can lead to a lot of doxing.
You could endanger relationships and careers.
Hahn gave two examples: “A married public officer with an anonymous account following and liking sex workers’ Twitter photos or an employee disgruntled with an NDA posting incriminating leaked information on an ex-employer.”
It is possible for even the average user to post highly controversial posts that could lead to them being fired.
Hahn stated that with this information so readily available, any malicious or evil person could collect names linked to anonymous Twitter handles. He or she can then begin “screenshotting” their activity to attempt to exort or embarrass them. This is the ultimate dream of a researcher in political opposition. This is a nightmare for everyone else. You should also use different passwords on every site.