Hacker Claims to Have Data on 400 Million Twitter Accounts
A hacker claims to have the email addresses and phone numbers of more than four hundred unique Twitter accounts. The perpetrator wants Elon Musk to pay for it to avoid fines.
The provider says it obtained the data through a vulnerability in the platform. It concerns the email address, name, username, number of followers, when their account was created, and phone number.
As an example, the perpetrator shares the data of some celebrities. American politician Alexandria Ocasio-Cortez and Apple co-founder Steve Wozniak, among others, are on the list, albeit without a telephone number.
Several security experts, including Alon Gal, the CTO of security firm Hudson Rock, say the data appears genuine. According to him, the data breach happened through a vulnerability in Twitter’s APIs. We do have to nuance that Twitter today has ‘only’ 368 million active users. However, the number of 400 million accounts may include inactive accounts.
The data is being offered for sale, but the provider is targeting the hacker forum directly to Musk and Twitter, promising to sell the data exclusively to them to prevent further damage to the company. For example, people also point to possible GDPR fines, although it seems unlikely that they will disappear by paying the provider; after all, the data has already been leaked to Twitter, and it is unclear whether several people have done so.
While not all accounts contain phone numbers, that seems to be the most interesting part of the data breach. On the one hand, this can cause problems for known users who see their contact details appear online. But, on the other hand, there is also the chance that some anonymous accounts will be exposed if they have created an account with their own telephone number (which is usually not public).