A hacker claims to have the private information of 400 million Twitter users. If many identifiers from the social network are still in circulation, nothing proves for the moment that the hacker is in possession of such a database.
” You already risk a fine for leaking 5.4 million, so imagine the one for leaking 400 million users “. A criminal wants to convince Twitter that he is in possession of a massive database of the social network in a post published on December 23 on a forum known to hackers. The hacker demands that the company pay 200,000 euros if it does not want to see its users’ private information sold to the highest bidders on the darknet.
Famous names and their email addresses – Donald Trump Jr, Alexandria Ocasio-Cortez, Piers Morgan – are cited in the message to increase the pressure. A sample of 1,000 identifiers is also online and has been confirmed as authentic by Hudson Rock Companywho took the time to contact users.
Now, how much can we trust this hacker?
A lot of data in circulation
We can already confirm that he is in possession of personal data, but the real amount remains unclear. First, because a flaw at Twitter has already been exploited several times, with leaks, several million accounts. The criminal admitted to the American media Bleeping Computer that he used this same vulnerability, publicly discovered by an ethical hacker in January 2022. The damage was done, because many hackers had recovered credentials by searching the programming interface.
Thus, 5.4 million Twitter accounts were on sale this summer. However, another leak has probably taken place, and we are still trying to find out the seriousness of it. A file containing the data of 1.4 million French users is notably in circulation between hackers. The file would be broader, because it would concern a total of 17 million accounts, from all countries. This database is not for sale and is only shared within a restricted hacker circle.
The post of this December 23 is therefore perhaps related to this famous file. The file has not been shared for the moment, it is better to wait for a reaction from Twitter or the return of a buyer before being able to move forward.
If in doubt, should you change your Twitter password, as already advised by some on the web ? Not necessarily. Changing codes is not always a good idea when a leak is not proven. Better to wait, and wait to have real verified information on the subject.
