Hack Attack on Twitter Reportedly Results in Data Dump Exposing Info of Over 200 Million Users
Tesla and SpaceX CEO Elon Musk's tenure at Twitter, launched when he bought the social network site last October for $44Bln, has been marked by the firing of top executives and almost half of its workforce, new hiring rules, and a slew of other controversial changes. Reports of a data breach are yet another headache facing Twitter.
Over 200 million Twitter users' names, e-mail addresses, screen names, number of followers and phone numbers have reportedly been stolen in a massive hack attack, with the data dump now posted on the dark web.
The data breach, which took place as early as 2021, “will unfortunately lead to a lot of hacking, targeted phishing and doxxing,” according to Israel-based cybersecurity-monitoring firm Hudson Rock.
It added this could turn out to be "one of the most significant" data leaks yet recorded by the firm.
Overall, the size of the database stolen was purportedly about 63GB, with previous reports into the alleged breach, featured in US media in December, claiming 400 million email addresses and phone numbers found their way into the hackers' hands.
At the end of 2022, Alon Gal, co-founder of Hudson Rock, had warned on social media about the breach.
According to Gal, threat actors and data breach collectors harvested the scraped Twitter user profiles by exploiting a vulnerability in the microblogging site's API.
The vulnerability was discovered through Twitter's bug bounty program in January 2022. In a blog post in August, the company stated that the developments had followed an update to its code in June 2021, which resulted in cybercriminals taking advantage of the ensuing flaw.
The flaw "allowed someone to enter a phone number or e-mail address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account", the company said at the time.
Twitter claimed at the time that it had “no evidence to suggest someone had taken advantage of the vulnerability.”
Now, however, a threat actor has reportedly released the data consisting of 200 million Twitter profiles on the Breached hacking forum.
According to Troy Hunt, creator of breach-notification site Have I Been Pwned, the leaked cache seemed “pretty much what it’s been described as.”
The reported data breach occurred before Tesla and SpaceX CEO Elon Musk purchased the social network site on October 2, 2022, for $44Bln.
Twitter has not offered any official comment on the recent listing of user data ostensibly for sale on the dark web.