Millions of WhatsApp and Twitter user information for sale to the highest price
Millions of WhatsApp user information for sale to the highest price
More than 5.4 million records of users of "Twitter" have become located in a huge data file on the dark web, which includes their personal phone numbers and email addresses.
The data dump file was identified by Chad Lauder, founder of the Cyber-security Awareness company" habet 8 ", who posted the news via his Twitter account on November 23, and his account was suspended shortly after its publication.
Cyber News website, which specializes in information security reports, confirmed that this attack is dangerous and targets real (German) accounts.
Lauder announced that the attack affected users in the European Union and the United States and that the data disclosed was enough to launch phishing attacks to obtain login credentials.
The removal of Lauder's tweets and his suspension raised fears that Twitter was trying to hide the problem, as some pioneers of the social network said that Musk "blocked Lauder for exposing Twitter's weak security," according to a report by the British newspaper Daily Mail.
User data was first published on the hacking forum at a price of 30 thousand dollars last July, but the latest deal provides this information for free, according to the company Bleeping Computer.
It is believed that hackers got the information in December 2021 using a vulnerability in Twitter that was revealed in a special rewards program for finding vulnerabilities (HackerOne bug bonus).
The site "Twitter" confirmed in August that bad actors exploited the vulnerability, but fixed the bug in January 2022.
At the time, Twitter said it had "no evidence" that the flaw had been exploited.
Computer games reported that bombing, the owner of the hacker hacking forum, was responsible for exploiting the bug at the end of 2021 and creating the extensive database, which was then posted online by a hacker known as "Satan" (the devil).
This hacker listed a user account record on the dark web in July, and it is believed that two parties bought the information for less than 30 thousand dollars.
5.4 million Twitter user data records were leaked over the dark web
And on top of 5.4 million records, there were an additional 1.4 million profiles on "Twitter" of users collected using a different API.
This suggests that several people, or hacking groups, have taken advantage of this flaw since last December.
And last September, on November 24, 5.4 million records on" Twitter " were shared for free on the hacking forum.
Bleeping also warned about malicious emails from" Twitter", as they are potentially fake and designed to steal login credentials.
The hackers obtained the information in December 2021 using a security vulnerability in Twitter that was revealed in a rewards program for finding gaps (Al-Jazeera)
If you receive an email claiming that your account has been suspended, there are problems logging in, or you are about to lose your verification status, and it prompts you to log in to a site other than "Twitter", ignore and delete emails because they are possible phishing attempts.
Lauder tweeted: "Just received proof of a massive Twitter data breach that affected millions of Twitter accounts in the EU and the US. I contacted a sample of the affected accounts and they confirmed the accuracy of the hacked data. This violation did not happen before 2021," he said.
WhatsApp users around the world were asked to pay attention to fake messages after hackers warned that they had access to millions of phone numbers.
If you receive a WhatsApp message from a number you don't know in the coming weeks, it could be a scam, a hacker has claimed to have stolen 487 million WhatsApp account phone numbers and is now offering to sell them to the highest bidder.
The website" cyber news " (cyber news), which specializes in information security reports, confirmed that this attack is serious and targets real accounts.
The set of numbers includes users from all over the world, and the biggest impact seems to affect WhatsApp users in the UK, the USA, and Europe.
After revealing some of their plans, the hackers told cyber news that they are selling the US data set for 7 thousand dollars, the UK data for 2500 dollars, and Germany for two thousand dollars.
Once this information gets into the hands of cybercriminals, these numbers can easily be used to send spam, malicious links, or messages aimed at stealing money.
The attack consists of hackers pretending to be nearby and that they need money, and some users have lost thousands of dollars responding to this trick.
Now cybernews urges all users of" WhatsApp " to be wary of any calls from unknown numbers, unwanted calls, and messages from contacts they do not know.
That's why if you receive any message that does not look right, do not respond to it and delete it without delay.
Speaking about the attack, mantas Jankauskas, head of the cyber news research team, said: "in this era, we all leave a big digital footprint-and tech giant like Meta (the owner of WhatsApp) should take all precautions and means to protect that data.
"WhatsApp" responded to the allegations of cyber news, saying that it had not seen any evidence of an attack.