A few weeks ago, a database with 400 million records of Twitter accounts was offered for sale. Now a cleaned version with 235 million records is on offer, which apparently contains real data such as e-mail addresses, telephone numbers and publicly available information, but probably no passwords.
Even if the database of Twitter accounts contains no passwords and probably only a small number of telephone numbers, the data lends itself very well to phishing and doxxing. That is the assessment of expert Alon Gal, CTO at Hudson Rock, the company that first discovered the dark web offering for the database with 400 million records.
Phishing and doxxing expected
Hudson Rock, a cybercrime investigation company, has published a screenshot of an underground forum as evidence: in his post, the user "Ryushi" offers 400 million data sets that he claims to have obtained from Twitter. Each record is said to contain the Twitter name, e-mail address and, in some cases, the telephone number of the user. On its own, this is not particularly critical data. However, the data is also said to include information on US politician Alexandria Ocasio-Cortez, former US President Donald Trump, Google CEO Sundar Pichai, Apple co-founder Steve Wozniak and Vitalik Buterin, the inventor of the cryptocurrency Ether.
IT security researcher Alon Gal warns that hackers could use the originally abused vulnerability to match phone numbers to names. According to Alon Gal, a revised database with telephone numbers already exists.
Check email address and phone number
The circulating databases of Twitter accounts also contain many accounts belonging to companies or their managers. It is therefore advisable to check whether your e-mail address or telephone number is included. The web service "';--have i been pwned?" has loaded the Twitter database into its systems. There you can check, reputably and free of charge, whether your data has been compromised.
Editor/sel