On December 24, Hudson Rock, a cybercrime intelligence company, notified the public about a”credible threat” saying a hacker was offering to sell a private database, including the contact information for 400 million Twitter user accounts, complete with data about their private emails and valid phone numbers, including those of high profile personalities like Vitalik Buterin, AOC, Kevin O’Leary, and many others.
Hudson Rock, the whistleblowing Cyber crime film, revealed that their contact claimed to have obtained the data in early 2022 after it discovered vulnerabilities on the social application. However, because of the number of accounts involved, the cybercrime intelligence firm said it couldn’t independently verify the hacker’s claims, suggesting users to confirm data on their own.
DeFiYield, a Web3 security company, nonetheless, has confirmed the data’s authenticity by reviewing 1,000 accounts the hacker provided as a sample. They used Telegram to contact the hacker and inform them that there was a buyer out there while noting their activity.
Speculations, perspectives and demands
Users on Twitter, especially those using pseudonymous accounts, may have good reasons to be concerned.
Analysts note that, given the 450 million monthly active users, it is difficult to imagine a breach of this magnitude.
Ryushi, the purported hacker group, is alleged to maintain a buyer database for post-advertising breaches. Already, they want Elon Musk to pay $276 million to avoid the sale of the data and penalties from the General Data Protection Regulation Agency.
The fee is for the hacker to delete the information and guarantee that it won’t be sold to another party. This is done to protect many celebrities and politicians from phishing, crypto scams, doxing, and sim swapping.
The Data Protection Commission of Ireland launched an investigation against Twitter on Friday in relation to a data breach that occurred in August and reportedly affected 5.4 million Twitter users.
Twitter users and crypto enthusiasts have been advised to take precautions like using non-custodial wallets, changing passwords and creating 2-factor authentication (2FA) for their social media accounts.