Another major data breach has come to light at Twitter. As a result, the data of more than 400 million users is for sale on the internet.
Since December 23, data from about 400 million twitter users has been offered on a hackers’ forum. The data consists of usernames, e-mail addresses and telephone numbers of various companies, politicians. In some cases, the Twitter account of ordinary users was also hacked.
Before we point the finger, Elon Musk and his Twitter policy are not at the root of the leak. The data that is now being offered for sale was collected at the beginning of 2022. The data therefore dates from 2021. Users who recently made changes to their profile therefore need not be alarmed. The leak through which the data could be scraped together was already closed in February of this year.
Why are the data suddenly being offered for sale? Everything seems that the hacker was waiting for the right moment to ask for a large sum of money. In his forum post, the hacker also says as much: “Twitter or Elon Musk, if you are reading this: you already risk a GDPR fine of 5.4 million for leaking the data of 5.4 million. Imagine what this will be like for 400 million users.” The hacker promises that if Elon Musk or Twitter buys the data, the internet post will disappear and the data will never be sold again. With the reference to the GDPR fine, the hacker is referring to an earlier data breach at Twitter.
For now, it doesn’t seem like Twitter or Musk are jumping on the offer: the data is still for sale. However, it seems unlikely that they can escape a GDPR fine by buying the data. So there is not really an incentive for Twitter to buy the data.
The consequences of the leak can be quite far-reaching, although it is mainly public persons who should be concerned about this. The hacker mentions SIM swapping, phishing, crypto scams – all things that should be possible with his database. Meanwhile, the file in which the hacker explains how to make money with the data has been removed from the internet.
Meanwhile, the personal account of Piers Morgan, a well-known British journalist, was hacked. A series of questionable tweets were sent with the account, which have since been deleted. Not that the hacked data has been sold in the meantime. Piers Morgan’s data was released as a preview of what’s in the full dataset. Also names like Shawn Mendes, Cara Delavigne, Steve Wozniak, Alexandria Ocasio-Cortez, Donald Trump Jr. and Linus Sebastian appear in the data sample.
As a ‘regular’ Twitter user, it doesn’t immediately seem like you have anything to fear. Of course, changing your passwords from time to time never hurts.