What’s shocking is the sample data provided by the hacker includes data from some really high profile user accounts. The sample data contains user data of the following –
- – Alexandria Ocasio-Cortez
- – SpaceX
- – CBS Media
- – Donald Trump Jr.
- – Doja Cat
- – Charlie Puth
- – NASA’s JWST account
- – NBA
- – Ministry of Information and Broadcasting, India
- – Shawn Mendes
- – Social Media of WHO
The sample data contains many more high profile user’s data. While most of them will lead to the social media team, the data leak if legitimate, is going to be very damaging. According to Alon Gal, co-Founder and CTO of Israeli cybercrime intelligence company, Hudson Rock, the data was probably obtained from an API vulnerability enabling the threat actor to query any email or phone and retrieve a Twitter profile.
While other threat actors have not verified the data yet, Alon Gal in his LinkedIN post states that “The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email / phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta.”
A breach of this scale might explode up in Elon Musk’s face after he sledgehammered Twitter’s business and policy. The DPC has already begun investigating the earlier breach.