Best Top Reviews Online

A Purportedly Trustworthy Hacker Is Attempting To Sell The Stolen Data Of 400 Million Twitter Users

In August of this year, an unknown actor using the username “devil” posted information about 5.4 million Twitter users on BreachForums for sale. This information included email addresses and telephone numbers associated with user accounts. Now, someone with the username “Ryushi” claims to be selling a database containing information on more than 400 million Twitter accounts.

The August-listed database was harvested from Twitter in December 2021. This data collection process exploited a flaw in the Twitter login procedure that exposed the unique user IDs associated with each Twitter account, thereby facilitating the disclosure of email addresses and phone numbers. This vulnerability was patched in January 2022, but not before it was exploited by threat actors.

According to a new post on BreachForums, the database containing the information of 5.4 million Twitter users pales in comparison to a database containing the email addresses and phone numbers of 400 million Twitter accounts. According to cybercrime intelligence firm Hudson Rock, the user who offered the database for sale is a credible threat actor. In addition, the forum post includes two samples of the stolen data, and Hudson Rock asserts that an independent analysis has confirmed the authenticity of these samples.

In an interview with BleepingComputer, the threat actor disclosed plans to sell the data for $200,000 to a single buyer or $60,000 to multiple buyers. The forum post listing the data for sale also includes an attempt to blackmail Twitter and Elon Musk by invoking a recently announced investigation by Ireland’s Data Protection Commission. In exposing the information of 5.4 million of its users, Twitter may have violated multiple General Data Protection Regulation (GDPR) provisions, according to the watchdog.

Twitter may have already been fined for exposing these users’ information, and as the threat actor’s forum post indicates, the release of information about more than 400 million Twitter accounts could increase the likelihood of a fine. The threat actor also lists several malicious uses for the stolen information, suggesting that Twitter users could be subjected to extensive cyberattacks should the database fall into the wrong hands. The forum post asks Elon Musk to purchase the database on behalf of Twitter, with the threat actor promising to delete the database and never sell it again.

Regardless of the fate of the entire database, it appears that the sample data disclosed in the forum post has already enabled a cyberattack on at least one Twitter account. This morning, the account of the television personality Piers Morgan was hacked, resulting in a series of bizarre and offensive tweets. Since Morgan’s email address appears in the sample data posted by the threat actor, another actor likely used this information to gain unauthorized access to Morgan’s Twitter account via phishing. The sample data contains the phone numbers and email addresses of numerous other well-known individuals, businesses, and government agencies, so Morgan’s Twitter account may be only the first of many accounts to be compromised as a result of the release of this information.

Regardless of who ends up purchasing the stolen database that is currently for sale, the appearance of this second database indicates that multiple threat actors may have exploited the Twitter vulnerability that exposed user data, and that similar databases may still be sold or made public. To prevent future phishing attacks, Twitter users may wish to change the email addresses and phone numbers associated with their accounts immediately. Users who take this precaution can safely disregard as phishing attempts any messages that appear to be from Twitter and are sent to the email addresses and phone numbers previously associated with their account.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
