A hacker using the pseudonym Ryushi posted an ad on the Breached forum on December 23, announcing that he had a database of more than 400 million Twitter users. The hacker's original message is no longer accessible; only a screenshot remains.

According to the hacker, the database was obtained using “a vulnerability” (the hacker did not specify how) and includes “emails and phone numbers of celebrities, politicians, companies, normal users and a lot of OG and special usernames.”

The hacker's message also contained a suggestion addressed to Elon Musk. The hacker demanded a ransom of $276 million. Elon Musk did not respond to this message. The hacker also posted a link to the text where the database is described in more detail, but the link currently leads to the following message.

However, the link to a “small sample that doesn't represent even 1% of the data” still works. This sample includes a database of 1,000 verified accounts. We managed to download this small database (exclusively for research purposes!). The database is hosted on a file-sharing service and has not yet been blocked, and the number of downloads has already exceeded 7,500. According to the VirusTotal service, there are no viruses in the file.

The database does contain 1,000 records, each of which includes email addresses, user names, number of subscribers, account creation dates and phone numbers. Of course, we will not share this database, because doing so is a crime.

DeFiYield, a Web3 security provider, checked the sample database and, according to them, these 1,000 records are real user data.

2/ Yes, this is real.
We have checked each of 1,000 accounts given by the hacker as the SAMPLE.
We were able to verify the big % of these accounts' data is real: both emails and phone numbers. pic.twitter.com/Q3IsU2GhWh
— DeFiYield 🛡️ Web 3 Security (@DefiyieldSec) December 25, 2022

DeFiYield also tried to contact the hacker on Telegram to ask him a few questions. The hacker read the messages but has not responded.

3/ We were able to get in touch with the hacker: we have addressed the question related to the data leak.
The person has been online, as they saw our messages.
Hacker is passionately waiting for the potential seller on TG.
Their contact info can be easily found in 1st tweet. pic.twitter.com/9BEvGG6u0F
— DeFiYield 🛡️ Web 3 Security (@DefiyieldSec) December 25, 2022

According to Hudson Rock, a cybercrime intelligence company, the database contains data of the founder of Ethereum, Vitalik Buterin.

BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022

Recently, on January 3, Hudson Rock published a message from Alon Gal, Co-Founder & CTO of Hudson Rock. This message contains new details of the crime. According to Hudson Rock, the database is real and has affected almost every Twitter user; the database is already being resold by other attackers and is likely to be shared soon; the database most likely contains not 400 million records, but 235 million; the database contains email addresses, but not phone numbers.

IMPORTANT UPDATE ON THE TWITTER HACK: pic.twitter.com/sCDpjHKZD6
— Hudson Rock (@RockHudsonRock) January 3, 2023

A day after this message, Hudson Rock confirmed that the database of 235 million records had been leaked and was being distributed online free of charge.

Twitter database leaks for free with 235,000,000 records.
The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.
This is one of the most significant leaks ever. pic.twitter.com/kxRY605qMZ
— Hudson Rock (@RockHudsonRock) January 4, 2023

If you, dear reader, are a Twitter user, then your data is most likely in this database. Therefore, we highly recommend that you:
- Enable 2FA wherever possible.
- Do not store passwords anywhere publicly accessible, or even in password managers, because they can also be hacked. It is safest to keep passwords on paper in a safe, or to remember them.
- Set a withdrawal limit on all your credit and/or debit cards.
- As for cryptocurrency, it is better to move it to a hardware wallet.

We hope that you will be able to dodge the coming wave of spam, phishing and hacking. We will continue to monitor the situation.