A hacker using the pseudonym Ryushi posted an ad on the Breached forum on December 23, announcing that he had a database of more than 400 million Twitter users. The hacker's original message is no longer accessible; only a screenshot remains.
According to the hacker, the database was obtained using “a vulnerability” (the hacker did not specify how) and includes “emails and phone numbers of celebrities, politicians, companies, normal users and a lot of OG and special usernames.”
The hacker's message also contained a suggestion addressed to Elon Musk. The hacker demanded a ransom of $276 million. Elon Musk did not respond to this message. The hacker also posted a link to the text where the database is described in more detail, but the link currently leads to the following message.
However, the link to a “small sample that doesn't represent even 1% of the data” still works. This sample includes a database of 1,000 verified accounts. We managed to download this small database (exclusively for research purposes!). The database is hosted on a file-sharing service and has not yet been blocked, and the number of downloads has already exceeded 7,500. According to VirusTotal, the file contains no viruses.
The database does contain 1,000 records, each of which includes email addresses, user names, number of subscribers, account creation dates and phone numbers. Of course, we will not share this database, because doing so is a crime.
DeFiYield, a Web3 security provider, checked the sample database and, according to them, these 1,000 records are real user data.
DeFiYield also tried to contact the hacker on Telegram to ask him a few questions. The hacker read the messages, but has not responded.
According to Hudson Rock, a cybercrime intelligence company, the database contains data of the founder of Ethereum, Vitalik Buterin.
Recently, on January 3, Hudson Rock published a message from Alon Gal, Co-Founder & CTO of Hudson Rock. This message contains new details of the crime. According to Hudson Rock, the database is real and has affected almost every Twitter user; the database is already being resold by other attackers and is likely to be shared soon; the database most likely contains not 400 million records, but 235 million; the database contains email addresses, but not phone numbers.
A day after this message, Hudson Rock confirmed that the database of 235 million records had been leaked and distributed free of charge online.
If you, dear reader, are a Twitter user, then your data is most likely in this database. Therefore, we highly recommend that you:
- Enable 2FA wherever possible.
- Do not store passwords in publicly accessible places, or even in password managers, because they can also be hacked. It is safest to keep passwords on paper in a safe, or to memorize them.
- Set a withdrawal limit on all your credit and/or debit cards.
- As for cryptocurrency, it is better to move it to a hardware wallet.
We hope that you will be able to dodge the coming wave of spam, phishing and hacking. We will continue to monitor the situation.