Security Incident Twitter Scrape of +400M Users - Detected!

Submitted by Smoke2Much
Insert date Dec 24, 2022

Compromised Data: email,name,username,follower_count,creation_date,phone_number

Compromised Total Users: +400M

Data Breach Date: 2022

Data Breach Details Discussion

http://twitter.com

Using a security flaw, a user started selling data on more than 400 million unique Twitter users. This data, which was scraped, is fully private and includes emails and phone numbers of celebrities, politicians, businesses, regular individuals, and many OG and unique usernames.

User also made a statement,

Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source
Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively,
Which can go through the official owner middle man on here @pompompurin or admin @Baphomet after that I will delete this thread and will not sell this data again.
And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users. Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash
From content creators this is a sensitive time, which will make things far worse and if you are unsure just run a poll on twitter like usual and people will choose their fate, because at the end of the
Day it's the company's fault that this data was breached.

Sample of database content:

alex.ocasio@gmail.com,Alexandria Ocasio-Cortez,AOC,12772117,Wed Apr 28 22:38:40 +0000 2010
media@spacex.com,SpaceX,SpaceX,18464597,Thu Apr 23 21:53:30 +0000 2009
cracker@gmail.com,briankrebs,briankrebs,336208,Wed Mar 04 15:57:39 +0000 2009
apmcarrasco@gmail.com,Alex Morgan,alexmorgan13,3871373,Fri Apr 03 22:04:38 +0000 2009,+13106131203
dana.howbert@cbsinteractive.com,CBS,CBS,1180218,Fri Dec 18 20:16:17 +0000 2009
amalina1021@gmail.com,Sexy Feline Machine,DojaCat,3921592,Tue May 01 21:14:18 +0000 2012
djtjr@hotmail.com,Donald Trump Jr.,DonaldJTrumpJr,7197983,Mon May 11 21:18:33 +0000 2009
cputh1991@yahoo.com,Charlie Puth,charlieputh,3233448,Fri Aug 22 14:31:05 +0000 2008
Markiplier@Gmail.com,Mark,markiplier,13388019,Wed Mar 07 01:18:38 +0000 2012
kevin@kevinoleary.com,Kevin O'Leary aka Mr. Wonderful,kevinolearytv,832069,Thu Apr 16 17:22:43 +0000 2009,+16179010401
genex@orangephotography.com,gene x,x,26416,Thu Mar 29 20:37:52 +0000 2007
georgedavidson123@gmail.com,George,GeorgeNotFound,3225228,Thu Dec 25 18:29:50 +0000 2014
newmedia@ios.doi.gov,US Department of the Interior,Interior,4963916,Tue Sep 22 14:36:29 +0000 2009
minofib@gmail.com,MIB India #AmritMahotsav,MIB_India,1345332,Fri Nov 02 06:26:58 +0000 2012
socialmedia@who.int,World Health Organization (WHO),WHO,10040866,Wed Apr 23 19:56:27 +0000 2008
mark.cuban@dallasmavs.com,Mark Cuban,mcuban,8550044,Wed Sep 10 21:12:01 +0000 2008
steve@woz.org,Steve Wozniak,stevewoz,633098,Thu Mar 05 16:24:20 +0000 2009,+14088888889
newmedia@chinadailyusa.com,China Daily,ChinaDaily,4266409,Thu Nov 05 20:30:10 +0000 2009
tysonwebquery@gmail.com,Neil deGrasse Tyson,neiltyson,14551758,Thu Jan 29 18:40:26 +0000 2009
caradelevingne@gmail.com,Cara Delevingne,Caradelevingne,9462619,Wed Jun 22 12:42:03 +0000 2011
content@gerardpique.com,Gerard Piqué,3gerardpique,20165378,Wed Dec 08 13:20:43 +0000 2010
admin.dicom@justice.gouv.fr,Ministère de la Justice,justice_gouv,196384,Thu Aug 22 08:34:59 +0000 2013
sundar@gmail.com,Sundar Pichai,sundarpichai,4028991,Wed Mar 12 05:51:53 +0000 2008
chamath@gmail.com,Chamath Palihapitiya,chamath,1540845,Tue Apr 03 06:02:29 +0000 2007,+16505045412
linus@linusmediagroup.com,Linus Tech Tips,LinusTech,1501341,Wed Nov 02 19:04:43 +0000 2011
scott.morrison.mp@aph.gov.au,Scott Morrison,ScottMorrisonMP,599924,Wed Apr 22 00:51:17 +0000 2009
v@buterin.com,vitalik.eth,VitalikButerin,2954624,Sun May 08 16:03:03 +0000 2011
piers.morgan1@btinternet.com,Piers Morgan,piersmorgan,8000666,Tue Nov 16 09:37:44 +0000 2010
maggie.masetti@nasa.gov,NASA Webb Telescope,NASAWebb,582110,Tue Apr 07 15:40:56 +0000 2009
aafotouh1@gmail.com,عبدالمنعم أبو الفتوح,DrAbolfotoh,3222390,Sat Apr 09 08:00:55 +0000 2011
whitney5@mac.com,Whitney Cummings,WhitneyCummings,1444339,Wed Apr 01 06:11:05 +0000 2009,+13236464512
alkhodairy63@hotmail.com,أ.د.فهد الخضيري,DrAlkhodairy,1019212,Thu Aug 11 00:10:12 +0000 2011
arbaazkhanproduction@gmail.com,Salman Khan,BeingSalmanKhan,43109089,Tue Apr 13 02:56:21 +0000 2010
jpoorten@nba.com,NBA,NBA,34746692,Mon Feb 02 19:04:42 +0000 2009
mendeswork1@gmail.com,Shawn Mendes,ShawnMendes,26646031,Sat Sep 24 22:29:41 +0000 2011
wardell.curry30@gmail.com,Stephen Curry,StephenCurry30,15586059,Tue May 26 04:15:37 +0000 2009
ginger.zee@gmail.com,Ginger Zee,Ginger_Zee,2288381,Thu Oct 22 00:02:08 +0000 2009,+13122138966

User also disclosed the complete use case for the data he is selling.

Use case for this breach:
SIM swap
Crypto scams
BEC scams
Phishing accounts or crypto users
Selling verified, rare username, and special usernames
Make xxx, xxx $ by doing crypto scams https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-in-580k-elon-musk-crypto-scam/

find private emails for employees and send malware to, for example IT employee laptop and once hacked they can pivot once he connects the laptop to the company network

And for any other government if you are reading this you can simply buy this data and you spy at citizens you want also you can track their location by sending them an email for example to @DrAbolfotoh his scraped email is aafotouh1@gmail.com the email must contain a GIF image that when the victim open it can grab his IP address and thus tracking him
Or just find their phone numbers from here and send them your Pegasus exploit or any other to target them without leaving a trace.

You can get a lot of $ by contacting, phishing og usernames like @x and verified accounts, then selling them, twitter is the biggest platform for nft and crypto so this data is 10x more valuable than any other platform

You can also compare the usernames from for example @ledger @metamask @coinbase or @exodus_io or users that have .eth in their name and then you will have an email list that you know is super targeted for example you can send phishing emails with a stealer malware or make fake website with 12-word secret recovery phrase grabber so you can drain their wallets easily, you can even search emails in this data breach
Through leaked Databases to get home_address, passwords and other info you may like of potential people who lets say follow ledger or Coinbase (the ledger data leak that was sold for xxx, xxx $ it only had 9,500 home_address and emails on it)

I mean what you can do with this data is amazing

Information

Submitted by: Smoke2Much

Insert date: Dec 24, 2022

Last update: Dec 24, 2022

Share this data breach

Twitter Reddit Pinterest Tumblr WhatsApp Email Link

Copy Link with bb code

Copy Link raw