News
Hacker claims to be selling Twitter data of 400 million users
December 2022 by Dirk Schrader, Global VP of Security Research chez Netwrix
It has recently come to light that a hacker is threatening to leak personal information of 400 million Twitter users, including several celebrities. No matter how the situation progresses, there are steps that should be taken by businesses as well as by those of us who have an account in Twitter. The seller claims the data was scraped via a vulnerability, it includes emails and phone numbers of celebrities, politicians, companies, normal users, and special usernames.
Dirk Schrader, VP of Security Research at Netwrix has made the following comments discussing what may happen next and what should now be done to prevent possible damage:
“Firstly, we need to take this threat seriously. Leaked data samples as well as additional information looks like the hacker’s claim is valid. The comparison between two data sets – the one originated from a previous Twitter leak and the ‘fresh’ one – proves that current breach is different, containing previously unseen data. The danger for Twitter users is real and, at least for a small while, imminent.
“Any combination of a valid email and a verified phone number in the hands of cyber crooks opens many possible threat vectors against users. Smishing attacks (phishing via SMS) making use of information gleaned from a user’s profile can be one of them. People tend to use the same passwords across different services. This is how attackers may gain access to other user’s more sensitive accounts with pre-saved credit card details like in online shops or streaming services. Moreover, it is a common practice for people to use the same password for their personal and business accounts which means that the leaked information can be used as an entry point into the IT environment of the organisation this person works for.
“As always, the biggest danger is the correlation of information extracted from this breach with other leaked data, enriching the possibilities and options for targeted attacks. Any additional large data trove will help Initial Access Brokers enhance the accuracy of data aggregation and find lucrative targets. This increases the threat of a supply chain attacks.
“First and foremost, organisations should inform their employees of this possible threat and encourage people to change their business passwords. If there is a password management solution implemented, it is even easier: the changes can be made for all users automatically. Multi-factor authentication (MFA) will not let the attacker into the system even with the right password but not all the systems are protected with MFA. Keeping in mind the possibility of infiltration, the best option would be to transfer any identified privileged account into a zero-standing privilege setup.”
