A programming interface vulnerability in Twitter seemingly allowed a hacker to scrape account data from 400 million accounts on the micro-blogging site. That hacker or group of hackers is now selling the information on BreachForums.
If you are unfamiliar with BreachForums, it is essentially the replacement site for the now-closed RaidForums. It allows people to discuss cybercrime and also buy/sell exploits and stolen data. On the boards, the Twitter hacker (Ryushi) says the dataset includes phone numbers and email addresses of famous celebrities, companies, and politicians.
Ryushi listed the email addresses of some of them, including Piers Morgan, Stephen Curry, and Donald Trump Jr. Furthermore, the hacker shows a link to a .CSV file that shows the information of 1,000 Twitter users. Both leaks were to provide the data scrape and the sale are legitimate.
Elon Musk Request
While the hacker is selling on BreachForums, it seems an easier solution is also in place. Specifically, Ryushi addresses Twitter and its CEO, Elon Musk, and says they can simply purchase the data themselves to avoid it becoming public.
He says allowing the data to be stolen in the first place goes against the European Union's General Data Protection Regulation (GDPR) law. If Musk/Twitter buy the data, it “will prevent a lot of celebrities and politicians from phishing, crypto scams, sim swapping, doxing and other things that will make your users lose trust in you as a company.
“From [sic] content creators this is a sensitive time, which will make things far worse and if you are unsure just run a poll on Twitter like usual and people will choose their fate because at the end of the day it's the company's fault that this data was breached.”
Bleeping Computer reports the hack was possible by exploiting an API vulnerability in Twitter. That flaw was known about and fixed back in January 2022. So, the hack probably happened last year and the hacker has been sitting on the data.
Tip of the day: When using your Windows 10 laptop or convertible with a mobile hotspot you might want to limit the Internet bandwidth your PC uses. In our tutorial we are showing you how to set up a metered connection in Windows 11 or Windows 10 and how to turn it off again, if needed.