One of the biggest user data leaks in the world? Cybercrime firm Hudson Rock has revealed that 400 million personal data records of Twitter users were recently put up for sale on the black market. In addition to Vitalik Buterin and Donald Trump, the French Ministry of Justice is among the victims.
Twitter data leaked
This information was revealed to us by the firm Hudson Rock, which specialises in cybercrime. According to their information, more than 400 million personal data records of Twitter users are currently for sale on the black market of the dark web.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
– Hudson Rock (@RockHudsonRock) December 24, 2022
The company identifies this data leak as a “credible threat”. The sensitive database held by the hacker includes email addresses and phone numbers used to create accounts on the social network.
The 400 million potential victims include influential personalities. The hacker's sale announcement is accompanied by a sample of 1000 lines. These include Vitalik Buterin, the prominent co-founder of Ethereum (ETH), Donald Trump and even the French Ministry of Justice.
As Hudson Rock explains in its statement, the hacker says he got the information in early 2022, thanks to a flaw identified in the Twitter application. However, the intelligence company does not believe it can confirm the veracity of every line in this database.
On the other hand, the company DeFiYield looked at the 1000 rows shared as an example by the hacker and claimed that this sample did indeed match the real data. That said, it's surprising that a data leak wasn't spotted earlier by Twitter teams and Elon Musk when he bought the company, especially since the social network has 450 million monthly active users.
Elon Musk called out by hacker
If this data leak is genuine, it could be a real concern for crypto ecosystem players operating anonymously – or pseudonymously – on Twitter, as their identity could be revealed. The threat is even greater for scammers, who could face legal action for their misdeeds.
Of course, the threat is mainly to ordinary users. These e-mail addresses could be used by malicious actors to carry out phishing. Email remains a widely used vector for scams aimed at stealing cryptocurrencies or NFTs.
In addition to selling the data file, the hacker has contacted Elon Musk. He proposed that Musk pay him $276 million to avoid the sale of the data as well as a fine under the General Data Protection Regulation (GDPR).
As a reminder, in 2018, the CNIL sanctioned Uber for a leak of sensitive data concerning 57 million customers, including 1.4 million in France. The fine, which amounted to 400,000 euros for the French subsidiary, was deemed too low by some of the users concerned.
Let’s take this opportunity to issue a reminder that is always useful: it is important to be as careful and vigilant as possible when operating in the world of Web3. Make sure that your accounts are secured via two-factor authentication, that your passwords are changed regularly, and that your cryptocurrencies are stored securely.