How should you protect yourself after Twitter’s latest alleged data breach?
The personal information of more than 400 million Twitter accounts is said to have been put up for sale online following a data breach of the popular microblogging service. But what exactly is on sale and how can you protect yourself?
What happened in the alleged December 2022 Twitter data breach?
On December 23, 2022, a user of a popular data breach forum announced that they were selling the personal data of 400 million Twitter users, obtained through a vulnerability in Twitter’s API.
While offering the user data for direct sale, the poster also offered Twitter CEO Elon Musk the opportunity to buy the data exclusively and so avoid millions of dollars in GDPR fines:
“Twitter or Elon Musk, if you’re reading this, you’re already facing GDPR fines for more than 5.4 million violations, mimicking the 400 million user violation fines.
“I will advise, your best option to avoid paying 276 million dollars in fines for GDPR violations like Facebook (due to the termination of 533 million users) is to get this data exclusively and you can pass this data here @ official owner.[redacted] or admin@[redacted] after that I will delete this thread and will not sell this information anymore.”
MUO has seen a limited sample of this data, and while we cannot verify its authenticity, it does show email address, name, username, account creation date, and user follower count. About half of the accounts listed also have phone numbers.
No communications staff at Twitter could be reached for comment at this time.
As noted by the alleged hacker, Twitter has already faced legal challenges, and the Irish Data Protection Commission recently launched an investigation into a data breach that affected 5.4 million Twitter users from August 2022, according to TechGenix.
What can criminals do with data obtained from Twitter flaws?
Having your personal information sold by criminals is a bad thing, especially if the people who are willing to spend money to get it are also criminals looking for a return on their investment.
Email addresses can be used to facilitate social engineering and spear-phishing attacks against you or your contacts. These attacks can be especially effective when combined with the large amount of personal information you share on your Twitter account. Phone numbers are often used as part of a two-factor authentication (2FA) system for PayPal and banking services. Cybercriminals who know your phone number can use it to launch a SIM swapping attack, which gives them access to your phone number and thus your financial accounts.
While there is no confirmation that the information will be disclosed to private recipients, or even that it is genuine, it could potentially be used by criminals to target you. If you use the email address tied to your Twitter account for any other accounts, you should change it on those accounts immediately. Likewise, you should separate the phone number used for your Twitter account from any other account.
In the future, you should use an email alias for any account you sign up for and, if possible, use a secondary phone number. Text or phone-based 2FA systems have long been considered unreliable, and you should opt for app-based 2FA systems instead.
Twitter is not the only microblogging platform
2022 was not the best year for Twitter. In addition to the latest alleged security breach, the company lost nearly half of its employees, including its entire communications department. If you are concerned about the security and potential longevity of Twitter in the future, consider using another platform.