Monday, January 30, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Free Magazine
The Cyber Express
Ransomware 2023 Report
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Westmont Hospitality

    ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

    cybersecurity

    ‘You are Essentially Funding Cybercriminals When You Pay Ransom’

    Dr Pepper Russian Branch

    Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

    Amadey Botnet

    Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

    Verizon

    Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

    GoTo Confirms User Data Stolen With Encryption Key

    GoTo Confirms User Data Stolen With Encryption Key

    HIVE Ransomware

    Hive Ransomware Servers Taken Down in FBI-led Global Law Enforcement Action

    porsche nft

    Porsche NFT Hits Pit Stop, Fake NFT Sale On With Malvertising and Fraud Domains

    Hilton Hotels

    Hilton Hotels Loyalty Program Data Breached, Customer Info for Sale

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Westmont Hospitality

    ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

    cybersecurity

    ‘You are Essentially Funding Cybercriminals When You Pay Ransom’

    Dr Pepper Russian Branch

    Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

    Amadey Botnet

    Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

    Verizon

    Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

    GoTo Confirms User Data Stolen With Encryption Key

    GoTo Confirms User Data Stolen With Encryption Key

    HIVE Ransomware

    Hive Ransomware Servers Taken Down in FBI-led Global Law Enforcement Action

    porsche nft

    Porsche NFT Hits Pit Stop, Fake NFT Sale On With Malvertising and Fraud Domains

    Hilton Hotels

    Hilton Hotels Loyalty Program Data Breached, Customer Info for Sale

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Cybersecurity News
Trending

Twitter Data Breach: Data of 400 Million Users Up For Sale on Dark Web

Data breach reported a day after Irish privacy watchdog announced a probe on an earlier Twitter breach

Chandu Gopalakrishnan by Chandu Gopalakrishnan
December 26, 2022
in Cybersecurity News, Firewall Daily
0
Twitter Data Breach
1.1k
SHARES
6.1k
VIEWS
Share on LinkedInShare on Twitter
Listen to this story

In what can be touted as one of the biggest Twitter data breaches, the data of 400 million Twitter users have been put up for sale on the dark web. The revelation comes a day after The Irish Data Protection Commission (DPC) announced an investigation into an earlier Twitter data leak that had affected over 5.4 million users. The earlier breach was discovered in late November.

According to Alon Gal, co-Founder and CTO of Israeli cybercrime intelligence company, Hudson Rock, the data was probably obtained from an API vulnerability enabling the threat actor to query any email or phone and retrieve a Twitter profile.

You might also like

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

The database contains devastating amounts of information, including, emails and phone numbers of high-profile users, Gal noted on his LinkedIn post.

Big Data Breach, Big Names, Bigger Damage

“The threat actor provided a valid sample of 1,000 notable accounts and included the private information of AOC, Brian Krebs, Vitalik Buterin, Kevin O’Leary, Donald Trump Jr., and many more,” Gal wrote in his LinkedIn post about the breach.

When contacted, Gal told The Cyber Express that he discovered the post during his dark web intelligence search. David H. of CZECHMATE CZ, a cyber intelligence service based in Czech Republic, confirmed on LinkedIn that he has verified that the data is indeed put up for sale.

He got in touch with many known names, including cybersecurity journalist Brian Krebs. “I spoke to Brian Krebs specifically, and he is aware of this,” Gal told The Cyber Express.

The person who posted the leak note claimed they got the data in early 2022 via an exploit on Twitter. Akin to the Meta-penalty situation, the person in the post addressed Elon Musk, asking him to buy the data to avoid GDPR lawsuits.

At the time of publishing this report, researchers including Gal were working on verifying whether the proposed seller actually has the data of the 400,000,000 Twitter users.

“I can say the data is valid based on the samples provided by the hacker,” Gal told The Cyber Express.

Then Meta Breach, Now Twitter Data Breach

Ahead of the Twitter data breach, Gal was the one who discovered the Meta breach in 2021. “This is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta,” Gal wrote in his LinkedIn post about the breach.

Over 533 million Facebook users from 106 countries had their personal information exposed in that incident, including 32 million in the US, 11 million in the UK, and 6 million in India. The data included phone numbers, Facebook IDs, full names, locations, birthdates, bios, and email addresses for some individuals.

PIIs are hot cakes for hackers, which they could use for a host of malicious activities.

The hacker themself shared a note on how the data could be used to make money, Gal told The Cyber Express. We had access to the note and found ambitious and borderline-outlandish claims by the hacker.

Any other government can simply buy this data and spy on their citizens, such as track their location by sending them an email. “If the email must contain (sic) a GIF image that when the victim open it can grab his IP address and thus tracking him,” went the sentence on the note.

“Or just find their phone numbers from here and send them your Pegasus exploit or any other to target them without leaving a trace,” it added along with a host of other, potentially dangerous suggestions of targeted attacks.

Twitter data breach, damages, and GDPR penalty

A breach of this scale could blow up on the face of Elon Musk, who is receiving global flak on the way he sledgehammered through the operation and policy of the extremely influential microblogging site. Moreover, the DPC has already initiated its investigation on the previous breach.

“The DPC corresponded with Twitter International Unlimited Company (‘TIC’) in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance,” said the EU privacy watchdog in a statement on Friday.

In July 2022, a hacker forum post offered to sell the personal information of over 5.4 million Twitter users for $30,000. The data included publicly available information like Twitter IDs, names, login names, locations, and verified status, as well as private information like email addresses and phone numbers.

The hack occurred in December 2021 when a vulnerability in the Twitter API was exposed through the HackerOne bug bounty program. This vulnerability allowed anyone to enter a phone number or email address into the API and link it to a Twitter ID.

GDPR penalty is not new for Twitter. Two years ago, the DPC levied a fine of €450,000 ($550,000) on Twitter due to the company’s failure to promptly inform the DPC of a breach within the 72 hours mandated by the GDPR and for faulty documentation of the incident.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: Elon MuskElon Musk Twitter Takovergta 6 leaks twitterTwitterTwitter Data BreachTwitter Hacked
Previous Post

Top 10 Cybersecurity Jobs That are In-demand for 2023

Next Post

After Pro-Ukraine Firms, Russians Target ‘Neutral’ India

Chandu Gopalakrishnan

Chandu Gopalakrishnan

Executive Editor, The Cyber Express

Related Posts

Westmont Hospitality
Cybersecurity News

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

by Chandu Gopalakrishnan
January 28, 2023
cybersecurity
Firewall Daily

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

by Chandu Gopalakrishnan
January 28, 2023
Dr Pepper Russian Branch
Data Breach News

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

by Ashish Khaitan
January 27, 2023
Amadey Botnet
Firewall Daily

Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

by Editorial
January 27, 2023
Verizon
Dark Web News

Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

by Editorial
January 27, 2023
Next Post
Russia

After Pro-Ukraine Firms, Russians Target ‘Neutral’ India

Latest Issue is Out. Subscribe Now

Cybersecurity Person of The Year 2023
Download Now

Sign Up For Newsletter

Name*

Recommended

US Ransomware

US Traces Record Ransomware Payments, Interpol Report Confirms Trend

November 2, 2022
LockBit 3.0 Claims to Have Stolen Thales’ Data

LockBit Ransomware Gang Claims to Have Stolen Thales’ Data

November 2, 2022

Categories

  • Appointments
  • Budgets
  • Business News
  • Compliance
  • Cyber Essentials
  • Cyber Warfare
  • Cybersecurity News
  • Dark Web News
  • Data Breach News
  • DDoS Attacks
  • Espionage
  • Features
  • Firewall Daily
  • Gitex2022
  • Governance
  • Hacks
  • How to
  • Interviews
  • Learning & Development
  • Main Story
  • Malware News
  • Mergers & Aquisitions
  • Partnerships
  • Podcast
  • Policy Updates
  • Press Release
  • Ransomware
  • Regulations
  • Research
  • Resources
  • Sponsored Content
  • Startups
  • Vulnerabilities
  • Workforce

Don't miss it

Cyber Security for Water Treatment Plants
Sponsored Content

The Threat is Real: Cyber Security for Water Treatment Plants Demands Attention

January 29, 2023
Westmont Hospitality
Cybersecurity News

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

January 28, 2023
SOCs
Features

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

January 28, 2023
cybersecurity
Firewall Daily

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

January 28, 2023
Dr Pepper Russian Branch
Data Breach News

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

January 27, 2023
How to protect and recover your Facebook and Instagram accounts – a complete guide
Resources

How to protect and recover your Facebook and Instagram accounts – a complete guide

January 27, 2023

About

The Cyber Express

Cybersecurity News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing, PR & media partnerships: [email protected]

For media kit and digitals sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Subscribe to Our Feed

RSS Feeds

© 2022 The Cyber Express | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cybersecurity Magazine
  • Events
    • World CyberCon Middle East 2023
    • Webinars

© 2022 The Cyber Express | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.