400 million Twitter users’ data containing private emails and linked phone numbers have reportedly been up for sale on the black market.
Cybercrime intelligence firm Hudson Rock highlighted a “credible threat” via Twitter on Dec. 24 in which someone is supposedly selling a private database containing contact information of 400 million Twitter user accounts.
“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more,” Hudson Rock stated, before adding that:
Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, it said that an “independent verification of the data itself appears to be legitimate.”
Web3 security firm DeFiYield also had a look at 1,000 accounts given as a sample by the hacker and verified that the data is “real.” It also reached out to the hacker via Telegram and noted that they are actively waiting for a buyer there.
If found true, the breach could be a significant cause for concern for crypto Twitter users, particularly those who operate under a pseudonym.
However, some users have highlighted that such a large-scale breach is hard to believe, given that the current amount of active monthly users reportedly sits at around 450 million.
At the time of writing, the purported hacker still has a post up on Breached advertising the database to buyers. It also has a specific call to action for Elon Musk to pay $276 million to avoid having the data sold and face a fine from the General Data Protection Regulation agency.
If Musk pays the fee, the hacker says they will delete the data and it will not be sold to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things.”
The breached data in question is understood to have come from the “Zero-Day Hack” on Twitter in which an application programming interface vulnerability from Jun. 2021 was exploited before it was patched in January this year. The bug essentially allowed hackers to scrape private info which they then compiled into databases to sell on the dark web.
Alongside this supposed database, two others have previously been identified, with one consisting of around 5.5 million users and another thought to contain as much as 17 million users, according to a Nov. 27 report from Bleeping Computer.
The dangers of having such info leaked online include targeted phishing attempts via text and email, sim swap attacks to get ahold of accounts and the doxing of private information.
People are being advised to take precautions such as making sure two-factor authentication settings are turned on for their various accounts, via an app and not their phone number, along with changing their passwords and storing them securely, and also using a private, self-hosted crypto wallet.
London-based Faes & Company filed a complaint against crypto mining firm Blockware Solutions LLC on Dec. 17, claiming it misrepresented the performance capability of its miners and lacked adequate power access to keep the machines running.
Plaintiffs allege losses of $250,000 and are seeking compensatory and punitive damages.
According to the complaint, the parties entered into contracts in October 2021 for Faes to buy $525,000 worth of Bitcoin miners and related hosting services. As part of the agreement, Blockware would host Faes' miners at one of its server facilities, which it allegedly owns and operates for a monthly hosting fee and energy costs.
The plaintiff alleges that at the time of the agreement, however, Blockware “did not actually own or operate a facility to host the miners and was not capable of doing so reliably.” It also noted:
“Further, to the extent Blockware had access to third-party facilities to host and manage the miners, the facilities lacked reliable power (likely due to a limiting contractual arrangement with their energy supplier), so the operation of the miners was and is regularly subject to interruption or ‘curtailment.’ As a result, Faes’ miners under Blockware’s management and control have experienced prolonged downtime and inoperability due to lack of power, resulting in significant loss of revenue.”
Faes also noted in the complaint that ordered the machines to be delivered and hosted in Blockware’s facilities in January, when a Bitcoin (BTC) was worth over $45,000. The rigs, however, only came online in April. The suit also noted that:
“Problems with downtime began approximately two days after Faes’ miners first came online and have persisted throughout 2022, resulting in numerous complaints and support tickets by Faes. Despite these problems, Blockware hosts and updates a public ‘status page’ that shows persistent high uptime at its facilities, including the Pennsylvania facility where Faes’ miners have been hosted, showing consistent 100% uptime for the preceding 90 days.”
Despite the displayed “100% uptime,” a look at the incident history shows “approximately 50 days of extended power curtailment” at the Pennsylvania facility during September and October, noted the complaint.
Blockware Solutions did not immediately respond to Cointelegraphs’ requests for comments.
Bitcoin mining companies had been hit hard by the crypto winter and a spike in energy costs. Approximately $2.6 billion is owed cumulatively by just the top 10 Bitcoin mining debtors, according to Hashrate Index.
Binance France and its parent company Binance Holdings Limited are being sued by 15 investors in France over alleged misleading commercial practices and fraudulent concealment, according to local media reports.
In a complaint filed on Dec. 14, the plaintiffs claimed that Binance violated French laws by advertising and distributing crypto services before receiving registration from the country's authorities. As reported by Cointelegraph, France's financial market regulator, the Autorité des marchés financiers, has granted Binance a license as a digital asset provider in May 2022. The license allowed the crypto exchange to offer services such as assets custody and crypto trading.
The complaint reportedly contains screenshots showing Binance's social media activity prior to its license, including a Telegram channel dubbed "Binance French". The plaintiffs also claim to have lost over 2.4 million euros following the TerraUSD (UST) collapse, while Binance advertised the token as United States dollar-backed.
In a blog post, Binance France responded to questions about the case. According to it, the company did not conduct any promotional communications in France during the period in question, and noted that "Telegram groups are global community forums", thus allowing users to create and join channels voluntarily.
Binance also addressed questions regarding Terra stablecoin advertisement in the country. The company noted that its communication presents staking with Binance as "safe, and not the underlying tokens." The exchange also noted that it always includes market risk warnings for crypto products, and has further strengthened its descriptions.
As reported by Cointelegraph, a series of dramatic events in May 2022 resulted in an unprecedented decline in the price of the LUNA token and its associated stablecoin TerraUSD (UST), which was designed to maintain algorithmic parity with the United States dollar, but lost its peg and plunged to below $0.30.
This Daily Dose was brought to you by Cointelegraph.