Hacker claims to have scraped data on 400 million Twitter accounts

A hacker claims to have obtained partial data on 400 million Twitter accounts, with a sample released online including purported information from former prime minister Scott Morrison’s page.

The data, which includes email addresses and some phone numbers linked to user accounts but not passwords, was posted just before Christmas on the same data forum that was used by the Optus hacker. This masthead has chosen not to name the site.

Twitter has endured a chaotic period under Elon Musk.Credit:AP

Israeli cybersecurity company Hudson Rock, which first publicised the breach, said the sample data “appears to be legitimate”, but cautioned that it was impossible to verify the hacker’s claim to have taken 400 million records from 2021 to early 2022.

Rob Potter, co-founder of Australian cybersecurity firm Internet 2.0, said the data appeared to have been taken via a method called “scraping”, which is where a savvy user finds a system that has been misconfigured to provide information, and requests data from it.

“There’s some bug… that allowed them to scrape without limitation, so they were able to just continuously scrape,” Potter said.

In Morrison’s case, the email used in the file is his publicly available Parliament House address and there is no phone number or other sensitive information. But other celebrities in the file have had what appear to be personal email or phone numbers made public. British broadcaster Piers Morgan and model Cara Delevingne are among those listed.

Twitter’s billionaire owner and chief executive Elon Musk, who has also functioned as a one-man press office since buying the company, has not responded to public requests for comment from users caught in the breach.

Morrison’s office did not immediately respond to a request for comment. Twitter’s Australian media team was axed in Musk’s initial round of job cuts and a public relations agency that previously worked for it is no longer representing the social media giant.

The hacker demanded a $US200,000 ($297,000) payment for the data and said Twitter had not been in contact but had patched the breach that allowed the data to be taken earlier this year. The release of the data could lead to hacks on celebrities on the platform and prompt users to leave the already beleaguered social network.

Musk’s ownership of Twitter has proved chaotic, with mass job cuts, abrupt policy changes, and plans for new features announced and then abandoned or delayed.

The tumult has hit Musk’s primary company, the electric vehicle maker Tesla. Its shares are down almost 70 per cent this year to $US109 ($161), with a particularly punishing slip on Tuesday after a report of reduced production plans in the company’s Shanghai facility.

The Albanese government toughened penalties for breaching privacy laws earlier this year following the Optus and Medibank hacks.

Most Viewed in Technology

From our partners

Source: Read Full Article