Well-known individuals were among the 400 million Twitter users whose information was leaked and are for sale. These include model Cara Delevingne, pop singer Shawn Mendes, US politician Alexandria Ocasio-Cortez, businessman Kevin O'Leary, UK media personality Piers Morgan, and former Australian prime minister Scott Morrison.
A sample of data was published last week by an apparent cybercriminal behind the name "Ryushi."
Affected Personalities
As per The Guardian, a cybersecurity company was tipped off to the allegation speculated that the recent hacking of British broadcaster Piers Morgan's Twitter account was "likely not a coincidence." And sure, it is true, given that Morgan was also mentioned in data samples shared by the hacker.
Reportedly, Morgan's Twitter account had sent out obscenities and hateful words intended at the late Queen and UK musician Ed Sheeran. However, most of the material had been deleted.
Morrison's official email account was the only one reported as compromised in the breach and was previously available to the public. His phone number was not given, which might limit the extent of the damage.
Read Also: UK Media The Guardian Reports an Alleged Ransomware Attack
Breach Incident
According to the hacker, all the information includes emails and phone numbers of celebrities, politicians, corporations, common people, and many original and unusual identities. The data was allegedly scraped from Twitter due to a vulnerability in the platform.
Hacker proposed an "exclusive" data sale to Twitter for $200,000 to help the firm avoid EU General Data Protection Regulation (GDPR) penalties.
The information was made public in the month of November. And at the time, there were rumors that this was only the beginning of the extent of the issue since no one knew how many users had fallen victim to the exploit.
An Israeli cyber-intelligence entity called Hudson Rock posted online about the "credible threat" three days earlier, suggesting that it was among the first to discover the post offering the data of 400 million Twitter users.
Nobody has yet to confirm that the hacker has access to the resources they claim to have.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1— Hudson Rock (@RockHudsonRock) December 24, 2022
System Flaw
It was revealed in January that a flaw in Twitter's application programming interface (API) services enabled users to learn which accounts were linked to which phone numbers and emails. Twitter acknowledged this in August.
By taking advantage of the flaw, an attacker might get access to otherwise inaccessible data, such as the personal phone numbers and email addresses of prominent users.
A change made to Twitter's code in June 2021 is responsible for this breach. However, in July 2022, Twitter discovered that a malicious person had taken advantage of the flaw before it was rectified, prompting a patch to be released.
The action followed an effort to sell 5.4 million users' contact information, including email addresses and phone numbers. Twitter has promised to notify everyone verified as a hacking victim.
Read Also: North Korean Government Hacks Almost 1000 Foreign Policy Experts, as per South Korean Authorities
