Personal Twitter Data Of 40 Crore Accounts Up For Sale On Dark Web: Report

Personal data of up to 40 crore Twitter accounts, including accounts of business figures, politicians, and government entities, is up for sale on the dark web, according to a report.

Israeli cyber-security firm Hudson Rock shared that a person is selling this on the dark web. The firm adds the claims of the person, called ‘threat actor’ in cyber-security parlance, having such data are “credible”.

The report says the data was obtained by the seller in early 2022.

BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.

The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1

— Hudson Rock (@RockHudsonRock) December 24, 2022

What does the report say?

The Hudson Rock says that personal data includes phone numbers and emails of the users.

The screenshot of a chunk of the data shared by the Hudson Rock on Twitter shows some well-known public figures, such as Google CEO Sundar Pichai, US Congressperson Alexandria Ocasio-Cortez, Donald Trump’s son Donald Trump Jr, and the Indian Ministry of Information and Broadcasting.

Some of the other well-known accounts seen in the screenshot are:

US Department of Interior

French Ministry of Justice

World Health Organization

SpaceX

China Daily

Scott Morrison, former Australian Prime Minister

Cara Delevigne, actor

Piers Morgan, British broadcaster

Hudson Rock says the data was accessed in early 2022 and the seller has attempted to extort Twitter’s owner Elon Musk.

“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits,” reports Hudson Rock.

However, it says it has not verified the claims in its totality but it appears to be legitimate.

“At this stage it is not possible to fully verify that there are indeed 400,000,000 users in the database. From an independent verification the data itself appears to be legitimate and we will follow up with any developments,” says Hudson Rock.

What is dark web?

The dark web is the internet that’s beyond the scope of search engines and cannot be searched normally.

You cannot access dark web through a URL in a normal browser like Google Chrome or Mozilla Firefox. It’s also not accessible through search engines.

This is because all ‘normal’ websites that want themselves to be accessed by general users are “indexed” on search engines. Websites not wanting to be found intentionally don’t get indexed and have to be looked up through special softwares such as the Tor browser.

The internet that we access everyday through URLs or search engines like Google or Yahoo is called “surface web” and the un-indexed, unsearchable websites and content beyond their scope are called “deep web”. Dark web is a sub-set of deep web.

Though it’s not always the case, but dark web is frequently used for criminal purposes.

“The dark internet is designed to provide anonymity by keeping communication private through encryption and routing online content through multiple web servers,” says cyber-security firm Avast.

Of illegal activities on dark web, Avast says, “The dark web is used for many illegal activities. It’s possible to buy and sell illegal drugs, malware, and prohibited content in darknet marketplaces. Some dark web commerce sites have dangerous chemicals and weapons for sale. Some hackers offer ransomware as a service…Hackers sell access to email accounts, social media profiles, or other information that can be used for identity theft.”