Former Australian Prime Minister Scott Morrison leaked partial data on 400 million Twitter users, along with celebrities such as model Cara Delevingne, US politician Alexandria Ocasio-Cortez and pop singer Shawn Mendes. seems to have been caught in
Morrison’s Twitter account was included in a sample of data released last week by an alleged cybercriminal.
A cybersecurity firm that publicly warned against the apparent hacker claims said:probably not a coincidenceMedia personality Piers Morgan, who also appeared in data samples released by hackers, had his Twitter account just hacked.
Most of the content on Morgan’s Twitter account has since been deleted, but it was reportedly sending slanderous and abusive messages aimed at the late Queen and British singer Ed Sheeran.
All that was mentioned in the hack was Morrison’s official email address, which had already been made public, and his phone number was not listed either, thus minimizing the potential damage. can be suppressed.
The hackers claimed the data had been “scraped” from Twitter via a “vulnerability” on the site and that it was “scraped” from “celebrities, politicians, businesses, regular users, and many OG and special username emails and It contains a phone number,” he claimed.
Hackers have offered Twitter to sell the data “exclusively” for $200,000 (A$300,000) to avoid Twitter paying EU General Data Protection Regulation (GDPR) fines.
The Guardian has decided not to name the site.
In August, Twitter has acknowledged a vulnerability in its API system. Identified in January . By exploiting this vulnerability, people could patch both public and private data records. For example, an individual’s phone number or the e-mail of a prominent user.
This bug was caused by Twitter’s code update in June 2021. It was identified and patched, but in July 2022, Twitter learned that “the issue was exploited by malicious actors before it was resolved.”
This happened after someone tried to sell the email addresses and phone numbers of 5.4 million users. Twitter said it would warn users who were confirmed to have been affected by the breach.
These details were made public in November, but reports at the time may have been the tip of the iceberg, and we were unable to confirm how many users were caught by people exploiting this flaw.
Israeli cyber-intelligence firm Hudson Rock tweeted about a “trusted threat” three days ago, apparently first noticing the post providing data for its 400 million Twitter users.
So far, no one has independently confirmed that they have access to what the poster claims.
Guardian Australia has reached out to Morrison’s office for comment.