It’s probably not a coincidence that the Twitter account of Piers Morgan, a British media personality, was hacked and then wiped after the leak of over 400 million Twitter user data that is now being sold on a hacking forum, cybersecurity researchers say.
Hudson Rock, an Israeli cyber-intelligence company, was one of the first to notice the ad offering the data of 400 million Twitter users, including celebrities, businesses, and government organizations.
The post’s author said the dataset included Twitter handles, usernames, email addresses, phone numbers, follower count, and other information. It seems the aim is to sell all this for at least $50,000, however, the data was also directly offered to Elon Musk, Twitter’s CEO.
According to Hudson Rock, the threat actor selling the database is “credible”. The firm’s researchers checked the samples published by the hacker, called the data “legitimate”, and added that it was “likely not a coincidence” that Morgan had just had his Twitter account hacked.
Morgan, whose account content was also wiped, but only after it sent out a barrage of slurs and abusive messages directed at the late Queen of England and singer Ed Sheeran among others, appeared in these samples – as did, for example, Australia’s former prime minister Scott Morrison, US politician Alexandria Ocasio-Cortez, singer Shawn Mendes, basketball star Stephen Curry, and others.
“The reveal of the email address may have been just what the hacker needed to find passwords for the account, or social engineer his way,” Hudson Rock said on Twitter.
Incidentally, the author of the post on the hacking forum actually invited Twitter to “just imagine famous content creators and influencers getting hacked on Twitter that will for sure make them ghost the platform and ruin your dream.”
According to the post on the hacker forum, the data scrape was possible due to an unnamed ‘vulnerability.’ Data leaks of such scale are often possible due to system flaws that allow harvesting information at scale, a practice known as ‘scraping.’
What’s also important is that leaked phone numbers and email addresses pose significant dangers to their owners. Threat actors could use the data to carry out phishing attacks, impersonation, and fraud.
The Twitter scrape would mark a second major leak in two months if confirmed. On November 16, a threat actor posted an ad, selling a 2022 database of 487 million WhatsApp user mobile numbers. A data sample investigated by Cybernews likely confirms this to be true.
The latest Twitter leak probably won’t affect user confidence, Alex Hamerstone, advisory solutions director at cybersecurity firm TrustedSec, told Cybernews this week. However, circumstances are worrying.
That’s because last summer someone already attempted to sell the email addresses and phone numbers of 5.4 million Twitter users on the dark web. The platform earlier admitted vulnerabilities in its API (Application Programming Interface) systems, and as of today, no one has been able to confirm for sure how many users had been caught up in the exploit.
