The personal information of Ethereum co-founder Vitalik Buterin, "shark" Kevin O'Leary and billionaire Mark Cuban are also among those for sale.
According to cybercrime intelligence unit Hudson Rock, someone is selling 400 million Twitter user accounts including personal emails and phone numbers on the black market.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1 — Hudson Rock (@RockHudsonRock) December 24, 2022
Hudson Rock said the leaked database contained the emails and phone numbers of celebrities such as AOC, Kevin O'Leary, Vitalik Buterin…
The perpetrator claimed to have taken the data earlier this year due to a Twitter vulnerability and had blackmailed Elon Musk to acquire the data or threatened to sue him for violating the general data protection regulation (GDPR).
Hudson Rock added that while it has not been able to verify the exact number of accounts the hacker holds, the number of victims is estimated to be more than 400 million users.
Web3 security platform DeFiYield looked at a sample of 1,000 accounts provided by hackers and verified that the data was "real."
However, some users claim that such a large scale is hard to believe, as Twitter's monthly number of active users stands at just 450 million.
By noon on December 26, hackers were still posting ads selling data on Breached and offered $ 176 million to Elon Musk to avoid selling data, otherwise Twitter would face a fine from the GDPR agency.
If Musk pays the fee, the hacker promises to delete the data and not sell it to anyone, to "prevent celebrities and politicians from Phishing scams, crypto scams, SIM swaps (personal accounts connected to user phone numbers will fall into the hands of criminals)…".
If this really happened, it would be the most serious scandal in Twitter's history and cause huge losses. Especially when the majority of celebrities, companies, organizations choose Twitter as a place to announce and update related news. The fact that a platform does not guarantee security will make the vast majority of users turn away.
In June 2021, Twitter was discovered an application programming interface vulnerability, creating a loophole for hackers to take users' personal information, compile it into a database and sell it on the dark web. But it was not until January 1, 2022, that this social network patched up the bug. This is also the potential mentioned by the hacker above.
On November 27, tech forum Bleeping Computer warned that two other databases of about 5.5 million and 17 million Twitter users were at risk.
There are some serious concerns with this. #1 – Identities of many pseudo accounts will be public, posing risks for them #2 – With a phone number, it's super easy to find anyone's address and banking information. #3 – Multiple phishing attempts via cellphone, physical, or email
– Haseeb Awan – efani.com (@haseeb) December 25, 2022
So, users should also take precautions, such as setting up two-factor authentication for different accounts, saving passwords securely, and keeping assets in wallets carefully.