According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, a stolen dataset has been discovered that contains the email addresses of more than 200 million Twitter users.
The breach would probably result in "hacking, targeted phishing, and doxxing," according to Gal, who labeled it as a "significant leak" and said that the information had been uploaded on an internet hacker forum.
He claimed that, despite alerting Twitter, he had not received a response.
"I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter's conclusion of the data being an enrichment of some sort which did not originate from their own servers," says Alon Gal.
Twitter, however, has denied all claims that the emails, allegedly linked to users' accounts, were obtained through a hack.
Responding to the issue, Twitter stated: "in response to recent media reports of Twitter users' data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems."
According to Twitter, the records in question were instead probably a collection of data "already publicly available online," although it still warns users to be wary of suspicious emails.
Gal, meanwhile, disputed Twitter's answer in a fresh LinkedIn post: "The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments."
The disclosure came to light following multiple reports that Twitter data on millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – had been put up for sale on cybercrime forums.
Twitter, in its latest post, says that the latest dataset of 200 million users "could not be correlated with the previously reported incident, nor with any new incident or any data originating from an exploitation of Twitter systems."
It added that, “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.”
Moreover, in December 2022, another set of reports claimed that 400 million email addresses and phone numbers were stolen from Twitter – which the company denied as well.
Researchers suggest that the widespread cache of email addresses covering roughly 200 million users is probably a revised version, with duplicate entries removed, of the larger cache from the end of 2022, when hackers were selling stolen data on 400 million Twitter users.
A flaw in a Twitter API that existed from June 2021 until January 2022 allowed attackers to submit personal details such as an email address and obtain the corresponding Twitter account. Attackers used the vulnerability to harvest information from the network before it was fixed.
The bug also exposed the link between Twitter accounts, which are frequently pseudonymous, and the phone numbers and email addresses tied to them, potentially identifying users, even though it did not allow hackers to obtain passwords or other sensitive data such as DMs.
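To illustrate the class of flaw described above, here is an added example (not Twitter's code) modelling an account-lookup endpoint in a leaky form and a hardened form, with a check that flags clients probing many distinct addresses. The ACCOUNTS table, handles and client ids are constructed sample data.

```python
# Added example, not Twitter's code: a minimal model of an account-lookup
# endpoint of the kind described above, in a leaky and a hardened form,
# plus a detection helper that flags clients probing many addresses.
# ACCOUNTS is constructed sample data; the handles are hypothetical.
from collections import defaultdict

ACCOUNTS = {
    "alice@example.org": "@night_owl_42",
    "bob@example.net": "@pseudonymous_bob",
}

def leaky_lookup(email: str) -> dict:
    """Vulnerable pattern: confirms whether an email is registered and
    returns the linked handle, so anyone can map emails to accounts."""
    handle = ACCOUNTS.get(email)
    if handle is None:
        return {"status": "unknown_email"}
    return {"status": "found", "handle": handle}

class HardenedLookup:
    """Hardened pattern: the response is identical whether or not the
    email is registered, and every client gets a small request budget."""

    def __init__(self, per_client_budget: int = 5):
        self.budget = per_client_budget
        self.requests = defaultdict(int)        # client -> request count
        self.emails_seen = defaultdict(set)     # client -> distinct emails

    def lookup(self, client_id: str, email: str) -> dict:
        self.requests[client_id] += 1
        self.emails_seen[client_id].add(email.lower())
        if self.requests[client_id] > self.budget:
            return {"status": "rate_limited"}
        # The match is resolved server-side (e.g. to send a recovery mail)
        # but never echoed back, so the caller learns nothing either way.
        _handle = ACCOUNTS.get(email)
        return {"status": "accepted",
                "message": "If this address is registered, we will email it."}

    def probing_clients(self, distinct_threshold: int) -> list:
        """Detection: clients that tried more than `distinct_threshold`
        different addresses are candidates for enumeration attempts."""
        return sorted(c for c, s in self.emails_seen.items()
                      if len(s) > distinct_threshold)
```

The hardened form still needs a real rate limiter and logging in production; the in-memory counters here only show the shape of the control.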
The email addresses of a few listed Twitter profiles were accurate, according to data that Bleeping Computer downloaded; it also found that the data contained duplicates. Ryushi, the hacker, asked Twitter to pay him $200,000 (£168,000) in exchange for handing over the data and deleting it. This follows a warning from Hudson Rock last week regarding unsubstantiated claims by a hacker that he had access to the emails and phone numbers of 400 million Twitter users.
Troy Hunt, the founder of the breach-notification site Have I Been Pwned, also investigated the incident and tweeted his findings: "Acquired 211,524,284 distinct email addresses; appears to be primarily what has been described."
The social network has not yet responded to the enormous disclosure, but the cache of information makes clear how serious the leak is and who might be most at risk as a consequence. For years, social media companies have consistently and quickly played down data scrapes of this nature, dismissing them as not posing substantial security risks.
In response, Ireland's data protection watchdog has launched a probe. The Data Protection Commission (DPC) said it "will examine Twitter's compliance with data protection law in relation to that security issue."
According to reports, Twitter has not yet commented on this claim, nor has it responded to press inquiries regarding the alleged breach.
The stolen data apparently includes victims' phone numbers and emails, including those of some celebrities and politicians. The exact size of the haul is yet to be confirmed; only a small "sample" has been made public so far.
Several Hints May Prove the Claim
The cybercrime intelligence firm Hudson Rock was the first to raise the issue of the sale of stolen data. One of the company's chief technology officers told the BBC that several hints seemed to back up the hacker's assertion.
The data did not appear to have been copied from an earlier breach in which details of 5.4 million Twitter accounts were made public.
Of the 1,000 sample emails provided by the hacker, only 40 appeared in the earlier incident, "so we are confident that this breach is different and significantly bigger," the officer said.
Additionally, Mr. Gal noted: "The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings." An escrow service is a third party that agrees to release funds only after certain conditions are met (for example, handing over the data).
The hacker has said that the breached data was obtained by taking advantage of a vulnerability in the system that enables computer programs to connect with Twitter.
The DPC, meanwhile, announced that it was investigating the earlier breach, which took place on December 23, 2022. Media reports also assert that the hacker is well aware of the loss and potential damage the breached data can cause.
The feud began earlier this week when Musk, in a series of tweets, accused Apple of halting most of its advertising on Twitter and of threatening to remove the platform from its App Store. He added that the situation had become "a battle for the future of civilization."
However, Apple's chief executive tweeted on Wednesday that "Tim was clear that Apple never considered doing so." He did not say whether Apple's advertising was discussed at the meeting.
The meeting between the two CEOs came as numerous companies halted advertising spending on Twitter over concerns about Elon Musk's content moderation plans.
This would be a major setback for Twitter, since the company relies on advertising for the majority of its revenue.
On Monday, the Twitter CEO accused Apple of "censorship," while also criticizing its policies, particularly the levies it imposes on purchases made through its App Store. "Apple has mostly stopped advertising on Twitter. Do they hate free speech in America?" said Musk.
Later, Musk updated his Twitter followers that he was meeting with Mr. Cook at Apple’s headquarters, adding in his tweet: “Good conversation. Among other things, we resolved the misunderstanding about Twitter potentially being removed from the App Store. Tim was clear that Apple never considered doing so.” Meanwhile, Apple has not made any official comment on the said meeting.
Weeks after Mr. Musk became chief executive, Twitter had lost at least half of its major advertisers, an estimated loss of nearly $750 million for the social media giant, as reported by Media Matters, a non-profit watchdog.
The major advertisers lost included General Mills and Pfizer. Musk himself acknowledged that this defection has caused a "massive drop" in revenue, with the company losing $4 million per day.
Apple, for its part, is consistently one of the largest advertisers on the social network, spending over $100 million annually, as reported by Bloomberg.
The action was taken in response to a number of accounts impersonating major companies receiving a blue tick, which had previously indicated that the platform had verified the user as genuine.
A Twitter user claiming to be the drugs firm Eli Lilly said that "insulin was free". Twitter did not comment.
The incident added to concerns about how Musk's leadership is affecting the spread of misinformation on the platform.
"We apologize to those who have been served a misleading message from a fake Lilly account," tweeted Eli Lilly a few hours after the prank post went up on Thursday, reiterating the name of its real Twitter handle. The firm's shares fell by as much as 4% on Friday amid the confusion.
Max Burns, a US-based PR strategist, says he saw fake accounts carrying the blue "verified" badge, supposedly purchased through Twitter Blue, posing as support accounts for real airlines and asking users who were trying to contact those airlines on Twitter to direct-message the fake accounts instead.
"How long until a prankster takes a real passenger's ticket information and cancels their flight? Or takes their credit card info and goes on a spending spree?" he said. "It will only take one major incident for every airline to bail on Twitter as a source of customer engagement."
Adding to the confusion, these fake verified accounts could create major difficulties for advertisers, many of whom have already put their business with Twitter on hold. Musk's rocky run atop the platform, laying off half its workforce and triggering high-profile departures, has raised questions about its survivability.
The impostors could be a major setback, even if the fake accounts are taken down quickly.
They have created overwhelming reputational risk for placing advertising investments on the platform, says Lou Paskalis, a longtime marketing and media executive and former Bank of America head of global media. He adds that with the fake verified brand accounts, a picture emerges of a platform in disarray that no media professional would risk their career by continuing to make advertising investments on, and that no governance apparatus or senior executive would condone if they did.
Twitter’s Latest CEO Warned Employees
Last month, Elon Musk made his $44 billion purchase of Twitter and swiftly set about overhauling the company.
Musk has fired roughly 3,700 employees, almost half of the firm's former staff, and pushed the company to concentrate on finding ways other than advertising to generate revenue.
His first email to employees warned, "The road ahead is arduous and will require intense work to succeed[...]Without significant subscription revenue, there is a good chance Twitter will not survive the upcoming economic downturn."
As we all know by now, a lot is going on at Twitter. Half of its employees were laid off after Elon Musk took over the business, and a couple more top executives quit the firm as Musk implemented measures to make Twitter profitable.
In the aftermath of Elon Musk's takeover of Twitter, a number of users have moved to alternative platforms. Mastodon is one of the biggest beneficiaries. But what is it? Let's read more about it.
In terms of appearance, Mastodon looks like Twitter: users write "toots" (meaning posts), which can be liked, re-posted and replied to, and users can follow each other. Beneath the surface, however, it works differently.
This is one of the reasons the platform is attracting so many users, but it has also caused some confusion for new users signing up. The platform is six years old, but its current rise is remarkable, and it is being overwhelmed by new users every day. Here's everything you want to know about it.
The first thing a user has to do after signing up is select a server, and there are many. They are themed by country, city or interest, such as UK, social, technology, gaming and so on.
It doesn't matter which server you are on, as you can follow users from any server; what it gives you is a familiar community that shares similar content, the kind you might be interested in. Popular ones like social and UK are currently running very slowly because of the high demand.
The server you select becomes part of your username. For instance, if you use your current Twitter handle "XYZ" on a UK server, your username will be @xyz@mastodonapp.uk. This is your user address, which people can search for to find you on the app. If someone is on the same server, you can find them using their name alone, but if they are on another server, you will need their full address.
In this respect it differs from Twitter: Mastodon will not recommend users you might be interested in. You can also search by hashtag.
Zoe Kleinman, a BBC writer, says:
"This is a real hot potato. At the moment all the servers have their own moderation rules, and some have none. Some servers are choosing not to link to others that are full of bots or seem to have a high quantity of hateful content - this means they will not be visible to those on the servers where they are blocked. Posts can also be reported to the server owners."
In cases of hate speech or illegal content, server owners can remove it, but that does not guarantee the content is removed everywhere.
If Mastodon continues to grow, this could become a major issue. There have already been cases of people being targeted with hateful content, including homophobic harassment.
No, there are no ads on Mastodon. But you can promote your company or services, as there are no regulations against it. Mastodon also doesn't have a curated experience like Twitter's, where you see posts based on what your followers are talking about.
Whether it costs anything depends on the server you are using: some ask for donations, since their operators are not paid, but for the most part it is free.