The hacker group that stole personal information from 5.4 million Twitter users last year released the data they collected in that attack on an online forum Wednesday. Daily Dot reported that the details of those affected could include celebrities as well as high-profile politicians whose cell phone numbers and e-mail addresses may have been obtained.
The data, stolen in December 2021, could have been obtained through a vulnerability that the social network team repaired immediately. The attack, first reported by cybersecurity expert Chad Loter via his Twitter account, affected users in Europe, Israel and the United States.
Any Twitter account with 'Let others find you by your phone' enabled in Discoverability settings is affected. All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers.
Twitter does not take proper care of its users' safety
This is not the first time that the information obtained in 2021 has been released for sale. According to Just the News, before the data was released, a hacker attempted to cash in by offering the data for sale on the same forum for $30,000 in July of this year.
The leak comes a few months after Twitter's former chief security officer, Peiter Zatko, filed a complaint which was later obtained by The Washigton Post. In it, Zatko claimed that the social network was not sufficiently vigilant with the security of its users:
Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.
360 million WhatsApp user numbers, leaked
Meta app WhatsApp, also suffered a security breach on Wednesday. In its case, it affected 360 million users in 108 countries, according to an analysis carried out by a multinational company specializing in security, Check Point.
WhatsApp´s leak affects 360 million active phone numbers, Check Point has confirmed. The data, the cybersecurity firm reports, appeared on the BreachForums, hacking community forum, on November 16 and is already for sale on the darknet. For its part, WhatsApp sources denied the attack and stated in declarations collected by Infobae that "it is not a data leak". In addition, they said they were "disappointed" with Check Point for "buying a list of phones circulating on the Internet to repeat unfounded claims in order to gain free publicity."
However, Check Point is not the only one investigating the alleged attack. The technology website, Cybernews, began to investigate and was able to get in touch with the person who obtained the data. He assured them that he was selling the U.S . data set for $7,000, the U.K. data set for $2,500 and the German data set for $2,000.
#WhatsApp #dataleak: 500 million user records for sale. The #threat actor told @CyberNews they were selling the #US #dataset for $7,000, the #UK - $2,500, and #Germany - $2,000. Check if your country has been affected. Read more: https://t.co/YT8CwV2cLo#cybersecurity #infosec pic.twitter.com/ZsfakpLC3A
- CyberNews (@CyberNews) November 26, 2022
