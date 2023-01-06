Email addresses of 235 million Twitter users (TWTR34) were stolen and posted on a hacker forum, a security researcher reported Thursday. Alon Gal is co-founder of Hudson Rock, an Israeli electronic security monitoring company.

Gal says the theft will lead to “many cases” of attempted digital attacks. “This database will be used by hackers, political hacktivists and — of course — governments to further undermine our privacy.”

Sought, Twitter did not comment on the leak. Reuters says it is unclear at this time whether the social network has taken action to investigate or remedy the attack and that it has not been able to independently verify the authenticity of the data posted on the forum.

There are no clues as to the identity or location of the hacker (or hackers) behind the data theft. The crime may even have occurred in 2021, before billionaire Elon Musk bought Twitter (see more below).

235 million or 400 million?

Claims about the size and scope of the attack vary. Information published on December 23 said that more than 400 million email addresses and phone numbers had been stolen.

According to Forbes, the data was put up for sale by a hacker who identified himself as “Ryushi” and who demanded $276,000 for an “exclusive” sale of the data.

He claims to have stolen the data in 2021, using a “data extraction technique” and a vulnerability that was discovered by Twitter in January 2022 and fixed in August, according to The Washington Post.

The American newspaper says that this is not the first time that this Twitter vulnerability has apparently been exploited. According to the paper, hackers attempted to sell 5.4 million social media account identifiers (and their associated email addresses and phone numbers) in July 2022.

‘Evidence’ of the crime

The hacker who identified himself as “Ryushi” and claims the attack made additional allegations, including disclosing the names of celebrities who were affected by the leak. Gal’s company, which released the leak, says some claims appear to be related to the potential hack.

“Piers Morgan, who appeared in the data samples provided by the Twitter hacker, has just had his account hacked,” Hudson Rock wrote. “It’s probably not a coincidence: revealing the email address may have been just what the hacker needed to find account passwords or do social engineering.”

“Social engineering” is when a scammer convinces a victim to share personal data and even banking information. The technique induces people to adopt certain behaviors, such as opening links to infected sites, carrying out financial transactions or even sharing confidential data, such as passwords and card numbers.

The publication includes data from nearly 40 celebrities, journalists, politicians, companies and government agencies, including the likes of Doja Cat, Alexandria Ocasio-Cortez (AOC), Shawn Mendes and the World Health Organization (WHO).

CONTINUE AFTER ADVERTISING

(With Reuters)

Find out why the stock market crash represents a rare opportunity and see 6 amazingly cheap stocks to buy today

Related