
A hacker recently claimed to have stolen partial data of roughly 400 million Twitter accounts, including supposed information from former Prime Minister Scott Morrison. The hacker also claimed the data was being sold to other threat actors.

According to cyber security experts, the hacker was able to obtain email addresses and phone numbers linked to Twitter user accounts. The claim was posted on the same data forum used by the hacker responsible for the Optus attack.

Rob Potter, the co-founder of Australian cyber security company Internet 2.0, noted that the data stolen by the hacker appeared to have been taken by ‘scraping’. Potter added that scraping is where threat actors find a system that has been misconfigured to provide information and request data from it. 

He adds, “There’s some bug that allowed them to scrape without limitation, so they could just continuously scrape.”

Journalist Ailish Delaney reported that the hacker addressed Twitter CEO Elon Musk and reached out to the information security site Bleeping Computer. 

Delaney added, “The hacker told information security site Bleeping Computer they are trying to sell Twitter the data for $A297,000 and will then delete it, or they will sell copies to multiple people for $A89,000 a sale.” 

The hacker is also leveraging the issue Twitter currently faces with the Irish Data Protection Committee, which has started its investigation into a previous data breach concerning 5.4 million user records just last year.

However, Greg Kelley, CTO at Vestige, claims that the hacker's figures are inflated. “The 400 million may be inflated, as threat actors are known to inflate the damage they have done to extract more money. The time it would take to validate that number of stolen records would take too long for a company to investigate in time.”

Kelley urges Twitter users to take the necessary precautions, like changing their passwords and enabling two-factor authentication to access their accounts. He adds that users should be wary of emails or text messages with links to check personal data, as these may be phishing attempts.
