back to article Stolen info on 400m+ Twitter accounts seemingly up for sale

A miscreant this Christmas weekend said they are willing to sell public and private info on more than 400 million Twitter accounts. This data is said to include info that anyone can find out – follower counts, account creation date, etc – as well as private details, such as email addresses and phone numbers of tweeters. The …

  1. Anonymous Coward
    Anonymous Coward

    So good news and bad news then.

    Bad news is that 400M people had their details exposed, and for once that's not a Musk cockup.

    The good news is that Piers Morgan allegedly had his account breached - at least, that's what he says. Could just have been the result of tweeting after a party with some interesting substances. No, wait, that's most of his normal writing, my bad..

    Happy New Year all, and I wish you all a 2023 that's better than this year has been..

    1. Anonymous Coward
      Anonymous Coward

      Re: So good news and bad news then.

      Jeremy Clarkson has also been hacked and a stream of offensive, tasteless and puerile tweets - has temporarily ceased.

    2. anothercynic Silver badge
      Angel

      Re: So good news and bad news then.

      Couldn't happen to a nicer bloke... really. Honest. Pinky swear. Ditto Clarkson. Such a nice person. And so on.

  2. JimboSmith Silver badge

    Hacked?

    Are we totally, absolutely, completely, definitely, 100% sure Piers had his Twatter account cracked/hacked?

    I just realised that I did sign up to Twatter many years ago. If the hackers have got the details from that account, then they’re looking at a defunct Gmail account, a pay phone number from the end of a road where I briefly used to live and a false name. Good luck using any of that and best of luck to everyone else who may have been hacked though.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hacked?

      It’s so nice to read:

      “@piersmorgan hasn’t Tweeted

      When they do, their Tweets will show up here.”

      even if it isn’t true. Cue the Piers fan to downvote me as he did to the two other people.

      1. Graham Dawson Silver badge

        Re: Hacked?

        He has fans?

        1. Fruit and Nutcase Silver badge

          Re: Hacked?

          Probably Clarkson is #1 fan

          1. Anonymous Coward
            Anonymous Coward

            Re: Hacked?

            Clarkson and Morgan were at war for years but at some point they sort of made up - initiated by Clarkson.

            Morgan was later irritated that him getting hit badly had no consequences (or could possibly have led to a knighthood - which personally I would have agreed with), but Clarkson hitting a BBC producer immediately resulted in him getting the sack.

        2. TeeCee Gold badge

          Re: Hacked?

          What do you think his shit hits?

    2. Lil Endian Silver badge

      Re: Hacked?

      If a site wanted details I reckoned were unnecessary for the purpose I used to use the local Job Centre Plus postcode and phone number. (I thought the cop shop would be pushing it a bit!)

      [@AC - here, have a pre-emptive upvote!]

      1. parlei

        Re: Hacked?

        Two options: a BBB "report a scam" hotline, and a premium "service" number.

      2. -maniax-

        Re: Hacked?

        > I thought the cop shop would be pushing it a bit!

        I have a Firefox location fudging add-on installed that tells anyone trying to locate me that I'm at my local police station. It's up to the service trying to locate me to decide if they think I'm working there or held there :p

      3. Anonymous Coward
        Anonymous Coward

        Re: Hacked?

        > details I reckoned were unnecessary for the purpose

        This is the reason I really dislike two factor authentication being increasingly based on sending a text to your phone, it means you have to give a real number (and one that you'll have with you when needed). With an authenticator app you don't need to give away such info but few companies seem to use them now (cost perhaps?).

        NB: if not needed for TFA then there is a number that has been set up for use as a telephonic /dev/null - +44033388888888.

    3. Arthur the cat Silver badge
      Gimp

      Re: Hacked?

      Are we totally, absolutely, completely, definitely, 100% sure Piers had his Twatter account cracked/hacked?

      The tweets didn't mention Meghan Markle once, so it can't have been Morgan sending them.

      [Icon chosen for strange obsession association.]

  3. Dan 55 Silver badge

    400m users

    So we are looking at their entire active user list plus a bit more, because Twitter has 368m monthly active users.

    1. DS999 Silver badge

      Re: 400m users

      I'm sure there are a lot of accounts like mine. I signed up back when Twitter started but ended up moving from Myspace to Facebook and never used Twitter. My account is still there, but I've probably logged in twice in the past decade.

    2. Anonymous Coward
      Anonymous Coward

      Re: 400m users

      Could be journalistic rounding up of numbers - the more primitive tribes amongst us have a problem processing detail.

    3. Nate Amsden

      Re: 400m users

      Why would you think that? Twitter probably has far more than 400m accounts (I'd be surprised if they had less than 1.2 billion including bots/fake accounts/etc), the article does not indicate any of the accounts were active. Likely there are a bunch in the list that were, but maybe it's only 10-20% of "active" accounts. Or maybe a higher number, or a lower number..

  4. b0llchit Silver badge
    Coat

    insert joke here

    <blank />

  5. Ordinary Donkey

    News?

    We knew from the twitter whistleblower that thousands of twitter staffers had root access. Everyone getting leaked should not be a surprise, more so would be people not having changed their password since the news hit.

    1. MachDiamond Silver badge

      Re: News?

      "We knew from the twitter whistleblower that thousands of twitter staffers had root access."

      Root access or just superuser accounts? Thousands with root would be a serious WTF, not that so many Superusers isn't also a problem given that the headcount before the axe fell was under 10,000.

  6. Anonymous Coward
    Anonymous Coward

    Thanks, Elon

    Yet again, everything you touch becomes awful

    1. Pascal Monett Silver badge

      Re: Thanks, Elon

      Come now, Twitter didn't wait for Elon to be awful.

      1. Anonymous Coward
        Anonymous Coward

        Re: Thanks, Elon

        .. and vice versa ..

    2. Piro Silver badge

      Re: Thanks, Elon

      Twitter was awful before he bought it

  7. aerogems Silver badge
    Holmes

    Presumably...

    ... this is related to the guy who was just about to publish a bunch of info on a massive data breach at Twitter, just after Twitler took over, when his account was mysteriously banned. As I recall, he claimed to have contacted a small sample of people to verify the info.

  8. Winkypop Silver badge
    Devil

    Sluice Gates of Hell

    Another fresh turd for the Twitter sewer.

  9. T. F. M. Reader
    Coat

    Musk should buy it

    One can probably figure out how many of those 400M+ accounts are bots. If the result is noticeably above 5% then can he demand $44B back based on a) misrepresentation, b) cybersecurity incompetence?

    The one with a folded piece of paper saying "393.5M bots" in the p[ocket, please... --->

    1. Gene Cash Silver badge

      Re: Musk should buy it

      No, a lot aren't bots, at least the ones I follow.

      Twitter is like YouTube. It can be like traipsing through a sewer if you're lazy, or you can actually find people that are interesting to listen to.

    2. aerogems Silver badge

      Re: Musk should buy it

      He doesn't have the money. On paper he's worth a lot, but most of that is illiquid Tesla stock which is spoken for as collateral for one loan or another. Probably around 80% of his net worth is tied up in loans, and whatever he has left has been spent servicing the $1bn/mo debt load Twitter has thanks to his leveraged buyout and he chased away around half the advertisers dramatically cutting revenues. With the Tesla stock price collapsing because of his douchebaggery over at Twitter allowing everyone to see that the emperor has no clothes, his ability to self-finance Twitter is not long for this world either. The more stock he has to sell, the more it drives down the price, meaning he has to sell more stock, and it becomes a vicious cycle. He's probably dangerously close to some creditors calling in their markers and demanding payment in full, which he won't be able to do.

      1. Lil Endian Silver badge
        Childcatcher

        Re: Musk should buy it

        He's probably dangerously close to some creditors calling in their markers and demanding payment in full, which he won't be able to do.

        Won't someone think of the poor horse!

      2. Fruit and Nutcase Silver badge
        Alert

        Re: Musk should buy it

        "Tesla stock marks lowest close in years as investors worry about Musk’s focus"

        https://www.theguardian.com/technology/2022/dec/27/tesla-stock-drops-lowest-close-years-elon-musk

        Ouch!

        "Analysts have raised the possibility of Musk being asked to step down as executive at Tesla over his actions at Twitter, as he is already facing a lawsuit over his alleged failure to focus on Tesla due to outside ventures."

        1. Anonymous Coward
          Anonymous Coward

          Re: Musk should buy it

          Yup. He's in Tesla's board and it's a publicly traded company so there is plenty of scope to go after him for breach of his fidiciary duties, and that will go well beyond just asking him to step down.

          Look at the bright side: at least it gets rid of that "richest man in the world" worship, especially if you replace it with "formerly richest man of the world". That said, it won't stop his fans from still being boring at parties..

        2. Arthur the cat Silver badge

          Re: Musk should buy it

          Analysts have raised the possibility of Musk being asked to step down as executive at Tesla

          It would seem that Tesla's board has a lot of family and friends as members which doesn't bode well for Tesla stock holders.

      3. Anonymous Coward
        Anonymous Coward

        Re: Musk should buy it

        The current covid issues in China are not exactly helping his share price and sales volume either, and the competition is starting to produce decent vehicles too - even the Chinese company Tesla buys its batteries from.

        As for China, the problem with a zero Covid approach is that it only takes one outbreak and you have a again a shutdown which was simply not sustainable, even with their inhuman approach to it. I'm guessing China has decided to fix that now by allowing everyone to get sick which is a rather brutal way to herd immunity, instead of being a tad more progressive and get vaccinations that actually work which then won't risk this volume of people acting as a giant petri dish breeding new variants to which we have as yet no working vaccines..

        In any case, it'll be a mess for quite a few months to come and I fear quite a few people will die :(.

    3. Fruit and Nutcase Silver badge
      Joke

      Re: Musk should buy it

      He'll get buyer's remorse and want to back out of the deal soon after

  10. Grunchy Silver badge

    “Cracked” Piers Morgan, huh. I guess I thought you were referring to Piers Morgan on Cracked.com:

    https://www.cracked.com/blog/4-people-who-are-only-famous-because-we-all-despise-them

    1. Lil Endian Silver badge

      I thought it was going to say he'd been sectioned under MHA 1983 (2007)...

      ["editor-turned-whatever-the-fsck-he's-supposed-to-be-now" -- nice one Iain!]

  11. Kevin McMurtrie Silver badge
    FAIL

    The hacker's first sales attempt

    The sample data provided from the leak is the same junk that every criminal telemarketer on Earth is already sharing from hundreds of other breaches. Most of them are running various web services (form pre-fill, tracker-to-tracker handoff, etc.) that are themselves trivially exploitable. No value.

    This twerp is taunting Musk thinking it's going to bring in retirement money. Usually it's best to start small, like selling your used car, to see how the game works.

  12. Anonymous Coward
    Anonymous Coward

    "if they have access to his direct massages"

    The Swedish prime minister should be informed immediately!

    1. Bebu Silver badge

      Re: "if they have access to his direct massages"

      direct massages not a euphemism for extras then?

      1. Fruit and Nutcase Silver badge

        Re: "if they have access to his direct massages"

        What both of them want is regular massaging of their inflated egos

  13. Jou (Mxyzptlk) Silver badge

    No pay, obvious

    Like any pay can guaranty that the data will be 100% scrapped, no other copy, won't be used a second, third, 20 million times.

    1. Pascal Monett Silver badge

      Re: No pay, obvious

      Especially since the fool is offering "exclusivity" to Musk, but already quoting tens of thousands of dollars to individual buyers.

      Sorry bud, that's not how you do things. If you offer exclusivity to someone, you give a time limit. Only when that limit has passed do you start making quotes for everyone else.

      This guy is a rank amateur.

      1. Flocke Kroes Silver badge

        Re: No pay, obvious

        One big pay day does not make any sense. How about a monthly fee for not selling elsewhere that month?

  14. Anonymous Coward
    Anonymous Coward

    Let me get this right - the hacker is threatening Musk to buy back the data, or risk a GDPR fine?

    But now the hack is public knowledge, surely twatter is going to get fined any way. Might as well save a few quid and not pay the hacker. OK, sucks to have a user account (I don't!), but can't see why he would pay out, because I'm sure the hacker is really, really trustworthy!

  15. Anonymous Coward
    Anonymous Coward

    Twitter, Facebook, LinkedIn ..

    When these were becoming "a thing" I signed up with my "other" email address that I used for signing up for shit as part of my job in IT strategy.

    It is a source of constant wonder how much noise these accounts receive, despite not being used for years.

    I swear the fake LinkedIn has had a better career than I have.

    So the moral of this story is to start with a base assumption that at least 30-50% of accounts are fake, dead, or plain simple bots.

    1. GruntyMcPugh

      Re: Twitter, Facebook, LinkedIn ..

      Many years ago I created a test account when we migrated from Lotus Notes to Microsoft Exchange. One morning, the departmental secretary called out the name of the test account as it had mail, and had been invited to a computer show at London Olympia. I didn't get that invite.

  16. Tubz Silver badge

    Would his Muskness be on the hook for the fine or previous ownership be likely to payback some dough ?

    1. Paul Crawford Silver badge

      The company would be on the hook, so now that it is Musk's property he has inherited the problem.

      Now if only he had done some proper due-diligence before offering to buy? Oh wait, he elected not to!

      1. breakfast Silver badge

        I have seen it argued persuasively that the reason he ended up having to go for it regardless was that if he didn't his offer could be the kind of market manipulation that the authorities really frown on in a jail-time sort of way, so he had to borrow the money to buy a platform he didn't want at an overinflated price. I hope this is true, it would add a piquant savour to the general hilarity of his disastrous find-out spree.

        1. Flocke Kroes Silver badge

          Another theory

          Previous Twitter would have had the opportunity to depose Musk. Imagine someone who thinks he is the smartest man in the solar system who cannot keep his mouth shut being asked questions by the best lawyers Twitter could afford - knowing the bills will be paid by Musk's Twitter.

          Timing matches a desperate last minute attempt to avoid this, even at enormous cost. Perhaps somehow one of Musk's lawyers successfully explained what questions might be asked and the consequences for lying - or telling the truth.

  17. Howard Sway Silver badge

    Twitter : the free speech platform

    Also, free celebrity phone numbers, email addresses, etc.................

    Doesn't matter that Musk wasn't the owner when it happened. It's still the same company, and if they have to pay a ginormous fine for the breach, it'll be his Twitter that has to pay it, and his bottom line affected.

  18. ds11

    True Elon fan would have said 420M accounts

    /s

  19. Barry Rueger

    C'mon folks, it's Twitter...

    I like Twitter, and have always found that I can manage it to be useful and not too annoying. Miles ahead of Facebook for instance. However...

    I guess it's the result of several decades on-line, but I have come to accept that nothing on-line is ever entirely secure. No matter how careful you might be, you're relying on other people to run the back-end, and you have no real way of knowing how honest or competent they are. Or who will buy out the company next month and destroy it.

    Consequently I have some things, like banking, that get big-ass complex passwords that I'm confident won't likely be figured out. Others, like the electric bill get something more mid-range. I mean seriously, if someone hacks into my Nova Scotia Energy account what can they really do?

    Beyond that the stuff like Twitter and Facebook get easy to remember, recycled passwords. I've had multiple Facebook and other accounts over the years, and there are no social media sites that I wouldn't happily nuke if they got taken over by some evil-doer.

    And all of this is handled at my end, from my brain, not by hackable outfits like LastPass. Of course I also pay attention to what kind of information is posted to various platforms. Things that I'll exchange over email do not get posted to Facebook or Twitter.

    All of this reflects a belief that none of these companies really care about my privacy or security. 2FA and fingerprint scans are nice, but none of them represent a real change from password practices of two decades ago. They are all still a single point of failure, and one that will inevitably be defeated. The best that we can do is keep the really important stuff off-line, even on paper, so that it can't be stolen.

    And that, ultimately, is the point. Anything that you store on-line is by definition out of your control. You are trusting a person or corporation to take care of your best interests. Thinking that you're being secure is at best naïve, and at worst a recipe for disaster.

  20. Ball boy Silver badge

    Morgan hacked?

    So Piers Morgan, then editor of The Daily Mirror when it was embroiled in a phone-hacking scandal, has had his Twitter account compromised?

    I'm so sorry, atheists, but there does appear to be a God after all.

    1. Arthur the cat Silver badge
      Trollface

      Re: Morgan hacked?

      Nah, it's just that the Universe has a wicked sense of humour.

  21. JoeCool Silver badge

    "miscreant", "scumbag"

    That's harshly judgemental.

    One of the bandied about "principles" of capitalism is that you vote with your wallet, and the related "the uninformed get taken advantage of".

    That's all that's happenning here. Twitter has been stupid on several points, and now they are paying for it.

    Sure, actions following up on that brag would be "illegal" but for most of the corporate world, "illegal" is reduced down to "pay to make it go away".

    It's more like the bacteria infecting the weak.

    1. arctic_haze

      Re: "miscreant", "scumbag"

      It is illegal as long as you are not a billionaire.

  22. IGotOut Silver badge

    Oh no.

    The Irish data protection agency are involved. How will they afford the €1 fine (reduced to 50c upon appeal)?

  23. LateAgain

    How is "hacked and sold" worse than simply "sold" ?

    Or does twitter really not sell user details?

    1. Strahd Ivarius Silver badge
      Devil

      Re: How is "hacked and sold" worse than simply "sold" ?

      the marketing team has already been fired, there is nobody left for selling anything...

  24. mevets

    Christmas time is here...

    Whats the bigger deal?

    Password company

    On the rocks,

    Civil service

    Launches dox.

    Now its time

    To meet again

    Trade insider blocks.

    # (note it is rhtymically the peanuts song...

    1. Michael Strorm Silver badge

      (Yes, way too many lines, but still works)

      Burma Shave.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like