The private contact details of Ethereum co-founder Vitalik Buterin, Shark Tank host Kevin O’Leary and Mark Cuban are reportedly up for sale.
The data of 400 million Twitter users, which included private emails and linked phone numbers, was reportedly offered for sale on the black market.
Cybercrime intelligence agency Hudson Rock highlighted on December 24 via Twitter a “credible threat” where someone would sell a private database of contact information for 400 million Twitter user accounts.
“The private database contains a devastating amount of information, including emails and phone numbers of high profile users like AOC, Kevin O’Leary, Vitalik Buterin and many more,” explained Hudson Rock, before adding:
“In the message, the attacker claims the data was obtained in early 2022 due to a vulnerability in Twitter and attempts to blackmail Elon Musk into buying the data or facing prosecution under the GDPR.”
Hudson Rock said that while he was unable to fully verify the hacker’s claims given the number of accounts, “an independent verification of the data itself appears legitimate.”
Web3 security firm DeFiYield also reviewed 1,000 accounts provided by the hacker as samples and confirmed that the data was “real”. He also contacted the hacker via Telegram and found that they were actively waiting for a buyer there.
If the breach turns out to be true, it could be a significant cause for concern for Crypto Twitter users, especially those who operate under a pseudonym.
However, some users pointed out that such a large-scale breach is hard to believe as the current number of active monthly users is said to be around 450 million.
As of this writing, the alleged hacker still has a post on Breached promoting the database to buyers. It also has a specific call to action for Elon Musk to pay $276 million to avoid selling the data and face a GDPR fine.
If Musk pays the fee, the hacker says he will delete the data and not sell it to anyone else “to stop many celebrities and politicians from phishing, crypto scams, SIM swapping, doxxing and other things”.
View Hacker Database: Violated
The hacked data in question is believed to be from the “zero-day hack” on Twitter, which exploited a June 2021 vulnerability in an application programming interface before being patched in January this year. The flaw essentially allowed hackers to harvest private information, which they then compiled into databases to sell on the dark web.
See also: Crypto Twitter confused by SBF’s $250m bail and a return to luxury
Alongside this alleged database, two others have already been identified, one consisting of around 5.5 million users and the other allegedly containing up to 17 million users, according to a November 27 report. by Bleeping Computer.
The dangers when this information is leaked online include targeted phishing attempts via SMS and email, attacks by swapping SIM cards to obtain accounts, and doxing private information.
People are advised to take precautions such as B. Ensure two-factor authentication settings for their various accounts are enabled through an app and not their phone number, as well as change and store their passwords securely, and also using a private and autonomous account. hosted crypto wallet.