This article is more than
2 year oldThe data of 400 million Twitter accounts could potentially be at risk after a cyber criminal tried to sell the information over Telegram.
On December 23, a male avatar account calling themselves ‘Ryushi’ posted on a Telegram forum claiming to have scraped private data from over 400 million Twitter users, including the email and phone numbers linked to their usernames.
Ryushi said if Twitter paid them off US$200,000 (A$300,000), they would give away the data exclusively.
The alleged criminal said that $200,000 was a much smaller loss than a $276 million fine that Twitter would be slapped with under Europe‘s GDPR privacy law over the breach.
“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source,” Ryushi wrote in the forum post.
“Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively.”
Israeli cyber intelligence agency Hudson Rock first noticed the ransom demand on Christmas and said at first glance the threat appeared “credible”.
The hacker’s post on an internet forum.BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
— Hudson Rock (@RockHudsonRock) December 24, 2022
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
To prove the data was real, Ryushi included sample data of 37 celebrities, such as politicians, journalists, corporations, and government agencies.
Among them was Donald Trump Jr, Piers Morgan and US politician Alexandria Ocasio-Cortez.
A little while later, a larger sample of 1000 Twitter accounts was then leaked.
The alleged stolen data includes information that is publicly accessible such as names, usernames, follower count and creation date.
However, it also used private data such as the email address and phone number, if there was one, linked to the account.
It doesn’t appear that passwords have been compromised.
The hacker claims to have breached millions of Twitter’s accounts. Picture: Constanza Hevia / AFP The hacker is trying to extort Elon Musk, the new Twitter founder. Picture: Jim Watson/ AFPThe Hudson Rock security firm said of the sample data: “Please Note: At this stage it is not possible to fully verify that there are indeed 400,000,000 users in the database.
“From an independent verification the data itself appears to be legitimate and we will follow up with any developments.”
The so-called hacker claims to have obtained the data in early 2022 from an API vulnerability.
This would align with media reports at the time, which found 5.4 million accounts in the US and Europe had been breached after a hacker used an API vulnerability.
This meant malicious actors could submit personal data like phone numbers and email addresses into the API to retrieve the corresponding Twitter ID.
The hacker behind the breach which impacted 5.4 million accounts was known as ‘Devil’ online.
Twitter claimed to have fixed this flaw in January of this year.
IMPORTANT PUBLIC SERVICE ANNOUNCEMENT:
— Brianna Wu (@BriannaWu) December 26, 2022
TWITTER HAS BEEN BREACHED. Even with two factor authentication enabled, you are vulnerable to a SIM swap attack.
CHANGE YOUR PASSWORD NOW. Please RT.
A US tech publication called BleepingComputer claims to have reached out to Ryushi to verify if the breach really did take place.
“I gained access by same exploit used for 5.4m data leak already. Spoke with the seller of it and he confirmed it was in Twitter login flow”, Ryushi told BleepingComputer.
“So, in the check for duplication it leaked the userID which i converted using another api to username and other info.”
BleepingComputer said it was able to confirm two of the accounts Ryushi posted on the forum as being legitimate.
The hacker said they had contacted Twitter but had as yet to receive a response.
Without a password, the main risk of cyber criminals having hold of a person’s name, email and phone number is that they can carry out a SIM swap hack.
A SIM swap hack is when a cyber criminal ports – or re-routes – the victim’s mobile number onto their own phone, allowing them to intercept text messages and reset passwords to things like bank accounts.
News.com.au has contacted Twitter for clarification but did not immediately receive a response.
This extortion attempt comes just months after Australia was rocked by two massive cyber breaches at Optus and Medibank.
The Optus cyber criminal hacked the data of 9.2 million Australians and initially demanded a $1 million ransom, but then bizarrely backflipped and apologised over the saga.
Meanwhile, Russian hackers who stole the data of 3.9 million Medibank customers tried to blackmail the insure with a $15 million ransom demand. When Medibank refused to comply, they released data in multiple information dumps online.
alex.turner-cohen@news.com.au
23/09/2024
02/09/2024
30/08/2024
Newer articles