How to Protect Yourself After the Latest Alleged Twitter Data Breach
Details of more than 400 million Twitter accounts are reportedly for sale, so what does this mean for your security?
Personal details of more than 400 million Twitter accounts are reportedly being offered for sale on the open web after an alleged data breach of the popular microblogging service. But what exactly is for sale, and how can you protect yourself?
What Happened in the Alleged December 2022 Twitter Data Breach?
On December 23, 2022, a user on a popular data breach forum announced that they were selling the private data of 400 million users which was scraped using a vulnerability in the Twitter API.
While the user offered the data for sale directly, they also made an offer to Twitter CEO Elon Musk, promising exclusivity and the opportunity to avoid millions of dollars in fines from data protection agencies and regulators, as The Register reports:
Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach.
I will advise you, your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively, which can go through the official owner middle man on here @[redacted] or admin @[redacted] after that I will delete this thread and will not sell this data again.
MUO has seen a limited sample of this data, and while we can’t verify its authenticity, it seems to show the email address, name, username, account creation date, and follower count of users. Roughly half of the accounts listed also contain phone numbers.
Twitter currently has no communications staff to contact for comment.
As mentioned by the alleged hacker, Twitter is already facing legal troubles, and the Data Protection Commission of Ireland recently started an investigation into an August 2022 data breach which affected 5.4 million Twitter users, according to TechGenix.
What Can Criminals Do With Information From Twitter Breaches?
Having any of your personal information put up for sale by criminals is bad—especially if the people who are willing to spend money to buy it are also criminals who expect a return on their investment.
Email addresses can be used to facilitate social engineering and spearphishing attacks against you or your contacts. These can be especially effective when combined with the vast trove of personal information you share on your Twitter account. Phone numbers are often used as part of a two-factor authentication (2FA) system for PayPal and banking. Cybercriminals with knowledge of your phone number can use it to help them engineer a SIM-swapping attack, giving themselves access to your phone number, and from there, your financial accounts.
How Can You Protect Yourself After the Alleged Twitter Breach?
While there is no confirmation that the information will be released to private buyers, or that it is even genuine, it can potentially be used by criminals to help target you. If you use the email address linked to your Twitter account for any other account, you should change it on those accounts immediately. Likewise, you should unlink the telephone number used for your Twitter account from any other accounts.
Going forwards, you should use email aliasing for any account you sign up to, and where possible, use a secondary phone number. SMS or phone-based 2FA systems have long been considered insecure, and you should move to app-based 2FA instead.
Twitter Isn’t the Only Microblogging Platform
2022 hasn’t been the best year for Twitter, and in addition to the latest alleged security breach, it has also lost around half of its staff, including its entire communications department. If you’re worried about the security and potential longevity of Twitter going forward, consider using an alternative platform.
Ref: makeuseof