Hackers leak email addresses tied to 235 million Twitter accounts
Source: Washington Post
That poses threats of exposure, arrest or violence against people who used Twitter to criticize governments or powerful individuals, and it could open up others to extortion, security experts said. Hackers could also use the email addresses to attempt to reset passwords and take control of accounts, especially those not protected by two-factor authentication.
"This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further," said Alon Gal, co-founder of the Israeli security company Hudson Rock, who spotted the posting on a popular underground marketplace.
The records were probably compiled in late 2021, using a flaw in Twitter's system that allowed outsiders who already had an email address or phone number to find any account that had shared that information with Twitter. Those lookups could be automated to check an unlimited list of emails or phone numbers.
Read more: https://www.washingtonpost.com/technology/2023/01/04/witter-leak-emails-handles/
bucolic_frolic
(43,362 posts)
Dormant address now receiving spam. So someone is using the stolen information.
FakeNoose
(32,819 posts)
Corporate negligence on a grand scale.
tamtamp
(17 posts)
To hurt him.
The guy is that crazy.
NullTuples
(6,017 posts)
All those sweet, sweet phone numbers and the identity triangulation they provide.
Trueblue1968
(17,242 posts)
OnlinePoker
(5,727 posts)
getagrip_already
(14,891 posts)
Of course, you have to give them names, phone numbers, credit card numbers, etc, if you want them to tell you if they are out there....
Catch 22 in a way.
But companies are supposed to notify users if they have been the subject of a breach. Again, a catch 22 if they don't.
ancianita
(36,157 posts)
(bolded for emphasis)
While 235 million published records ranks among the largest breaches anywhere, it is only the latest in a stretch of security disasters at Twitter dating back more than a decade. Frequent account takeovers led to a 2011 settlement with the FTC that Zatko said the company has been violating.
While Elon Musk previously used Zatko's testimony about poor security practices in a failed attempt to get out of buying the company, he has since laid off many of its security staffers.
Hackers aren't out to harm the public, imo. This event, imo, is to warn the public off Musk's hobbled platform. Hackers have warned of single owner platforms being corrupted to reflect the owners' political or world view. Even we have discussed that.
Related to this hack is what Techdirt says is the general issue of important real time agencies and journalists getting to platforms (like Mastodon and other sites of the fediverse) that secure and support real factual reporting.
Meanwhile, countless government agencies also use the birdsite as a vehicle for messaging of all kinds. In situations where people want the vital news such as forest fires, storms, etc. Twitter has become one of the default places to check.
They, too, can and should migrate to services like Mastodon. They should plan collaboratively to cut over to their own verified instances, in an orderly way that gives their constituents notice and time to get adjusted to the new system...
The best time for journalists and others to have recognized the threat of centralized systems run by unreliable, untrustworthy dictators would have been years ago. The next best time is tomorrow.
https://www.techdirt.com/2023/01/04/journalists-and-others-should-leave-twitter-heres-how-they-can-get-started/
Trueblue1968
(17,242 posts)
highplainsdem
(49,044 posts)
that the hacker tried to get Musk to pay to keep the data from being posted online, but I don't remember where I read it or the exact details.
ancianita
(36,157 posts)
highplainsdem
(49,044 posts)
ancianita
(36,157 posts)
might be the first time hacking's been done, but it's not the first time accounts have been tampered with, even hijacked.
getagrip_already
(14,891 posts)
You can still sue them for things that happened before the takeover.
ancianita
(36,157 posts)
I'm no lawyer, but I doubt that will happen. If it does, it will take years. In the meantime, the solution is to gravitate to other more democratically run platforms in the fediverse.