Twitter Might Have Been Pwned In Epic Fashion

If you believe some reports that I have been seeing online, like this one from Bleeping Computer, it is possible that Twitter has been pwned by hackers. And the results could be devastating as the threat actors behind this have apparently secured millions of Twitter users’ personal information on the dark web. Email, username, follower count, creation date, and, in some situations, the users’ phone numbers are all included in the sample data. This came to light three days ago where the threat actor posted celebrity names and other information, as well as a note for Elon Musk in a dark web forum telling him that if he wants the data not to be made public, he needs to buy it. I’ve seen the post in question so I know it exists. And it’s going to create a huge problem for Elon. Here’s why:

In a statement on Friday, the Irish privacy regulator said, “The DPC corresponded with Twitter International Unlimited Company (‘TIC’) in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance.”

It also added that it believes “one or more provisions of the GDPR and/or the Act may have been, and/or are being, infringed in relation to Twitter Users’ personal data.”

The DPC, which serves as Twitter’s lead EU watchdog, wants to determine if the social media giant has fulfilled its obligations as a data controller regarding the processing of user data and whether it has violated any provisions of the General Data Protection Regulation (EU GDPR) or the Data Protection Act 2018.

Well, that’s going to end badly for Elon if it is determined that Twitter has actually been pwned. This organization has nailed Twitter before, and they won’t hesitate to do so again. Plus it will likely prompt other organizations like the FTC to start poking around. And the FTC isn’t shy about slapping companies silly when the drop the ball. Or in the case of Twitter, are under a consent decree because of past bad behaviour.

But the trouble doesn’t end there for Elon:

Security expert Chad Loder also revealed on Twitter and Mastodon details about an even larger data dump potentially containing millions of Twitter records with personal phone numbers that were collected using a previously fixed API bug and some publicly available information, such as verified status, account names, Twitter ID, bio, and screen name.

“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US,” Loder said.

“I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021.”

BleepingComputer has verified with multiple affected users that the phone numbers in this data breach are valid.

It is worth noting that none of the phone numbers in this leaked database were present in the original data sold in August 2002, demonstrating the significant exchange of Twitter user data among threat actors and the extent of the data breach beyond what was previously known.

This is an extinction level event for both Twitter and for Elon if this is true. Even if some or all of this didn’t happen under his watch, he’s the guy in charge now so he’s responsible. I’d honestly watch this story over the coming days. Because if you were looking for a singular event that would “end” Twitter and Elon along with it, this would pretty much qualify.

2 Responses to “Twitter Might Have Been Pwned In Epic Fashion”

  1. […] might recall that Twitter appears to have been pwned. And pwned big. When I posted this story, I had said that “millions” of Twitter users might be affected. The number is actually […]

  2. […] it is true that Twitter is being investigated by the EU over this hack, and yes this didn’t happen under Elon’s watch. But he own […]

Leave a Reply

%d bloggers like this: