An Allegedly Credible Hacker Is Trying To Sell Stolen Data Of 400M Twitter Users
The earlier database, listed for sale in August, was scraped from Twitter in December 2021. The scraping abused a vulnerability in Twitter's login process that let anyone submit an email address or phone number and learn the unique user ID of the account it belonged to, tying otherwise private email addresses and phone numbers to public profiles. Twitter fixed the vulnerability in January 2022, but not before threat actors had exploited it at scale.
In an interview with BleepingComputer, the threat actor said they intend to sell the data to a single buyer for $200,000 or to multiple buyers for $60,000 each. The forum post listing the data for sale also attempts to extort Twitter and Elon Musk by pointing to an investigation recently announced by Ireland's Data Protection Commission. According to the watchdog, Twitter may have violated multiple General Data Protection Regulation (GDPR) provisions in exposing the information of 5.4 million of its users.
Twitter may already face a fine for exposing those users' information, and, as the threat actor's forum post points out, the release of data on over 400 million Twitter accounts would make such a fine even more likely. The threat actor also lists a number of malicious use cases for the stolen information, suggesting that Twitter users could face extensive phishing and other attacks if the database fell into the wrong hands. On the strength of these threats, the forum post asks Elon Musk to buy the database on behalf of Twitter, with the threat actor promising to delete it and never sell it again.
No matter who ends up buying the database currently for sale, the appearance of this second database shows that multiple threat actors may have leveraged the Twitter vulnerability that exposed users' information, and similar databases may still be waiting to be sold or made public. Twitter users may therefore want to change the email addresses and phone numbers associated with their accounts now, before the data is used for phishing. Users who take this step can treat any message claiming to be from Twitter that arrives at an email address or phone number previously associated with their account as a phishing attempt and safely ignore it.