The social media platform has neither confirmed nor denied the report of a breach
Personal information, including email, username, followers, and phone numbers, of the affected users has been put up for sale on the dark web
As per cybersecurity firm Hudson Rock, the hacker may have exploited the vulnerabilities in the API of the platform
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
According to Israeli cybersecurity firm Hudson Rock, a major data breach by a hacker has reportedly affected more than 40 Cr Twitter accounts globally, including those belonging to the Union Ministry of Information and Broadcasting (MIB).
While the micro-blogging platform has not yet confirmed the report, if true, it could likely be the biggest leak in the history of the social media platform.
Hudson Rock claimed that personal data of more than 40 Cr has been stolen and put up for sale on the dark web. The company also reported that the data of Google’s chief executive officer Sundar Pichai and Bollywood actor Salman Khan was compromised in the leak.
“Twitter or Elon Musk, if you are reading this post, you are already at risk of GDPR fines for the data leak of over 54 Mn users. Now fines for data leak of 400 Mn users. Your best option to avoid paying $2.76 Mn in CDPR breach fines like Facebook did (due to 533 Mn users being scrapped) is to buy this data exclusively,” the hacker posted, according to the report.
The data that has been put up for sale includes email, username, followers, and phone numbers of the affected users. The Hudson Rock report said that the hacker may have exploited an API vulnerability of the platform.
“The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email/phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533 Mn database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta,” Hudson Rock’s chief technology officer Alon Gal said.
Noose Tightened On Social Media Platforms
Last month, it was widely reported that personal data of more than 50 Cr WhatsApp users from across 84 countries was put up for sale online. WhatsApp has denied the claims.
According to VPN company Surfshark, user data of more than 26.5 Cr Indian accounts has been breached since 2004. Earlier this month, NordVPN claimed that personal data of more than 6 Lakh Indian users has been stolen and sold since 2018.
The reports of data breaches come amidst renewed scrutiny on social media platforms. The Indian government has introduced a clutch of draft regulations to oversee such platforms and penalise those who flout them.
As per the recently unveiled draft Digital Personal Data Protection, a fine of up to INR 500 Cr could be imposed on data fiduciaries that fail to take reasonable security safeguards to prevent the breach of data.
As per a senior Google India executive, India saw more than 18 Mn cyberattacks and 2 Lakh threats per day in the first quarter of 2022.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.