Stolen info on 400m+ Twitter accounts seemingly up for sale A miscreant this Christmas weekend said they are willing to sell public and private info on more than 400 million Twitter accounts. This data is said to include info that anyone can find out – follower counts, account creation date, etc – as well as private details, such as email addresses and phone numbers of tweeters. The …
Bad news is that 400M people had their details exposed, and for once that's not a Musk cockup.
The good news is that Piers Morgan allegedly had his account breached - at least, that's what he says. Could just have been the result of tweeting after a party with some interesting substances. No, wait, that's most of his normal writing, my bad..
Happy New Year all, and I wish you all a 2023 that's better than this year has been..
Are we totally, absolutely, completely, definitely, 100% sure Piers had his Twatter account cracked/hacked?
I just realised that I did sign up to Twatter many years ago. If the hackers have got the details from that account, then they’re looking at a defunct Gmail account, a pay phone number from the end of a road where I briefly used to live and a false name. Good luck using any of that and best of luck to everyone else who may have been hacked though.
Clarkson and Morgan were at war for years but at some point they sort of made up - initiated by Clarkson.
Morgan was later irritated that him getting hit badly had no consequences (or could possibly have led to a knighthood - which personally I would have agreed with), but Clarkson hitting a BBC producer immediately resulted in him getting the sack.
> I thought the cop shop would be pushing it a bit!
I have a Firefox location fudging add-on installed that tells anyone trying to locate me that I'm at my local police station. It's up to the service trying to locate me to decide if they think I'm working there or held there :p
> details I reckoned were unnecessary for the purpose
This is the reason I really dislike two factor authentication being increasingly based on sending a text to your phone, it means you have to give a real number (and one that you'll have with you when needed). With an authenticator app you don't need to give away such info but few companies seem to use them now (cost perhaps?).
NB: if not needed for TFA then there is a number that has been set up for use as a telephonic /dev/null - +44033388888888.
So we are looking at their entire active user list plus a bit more, because Twitter has 368m monthly active users.
Why would you think that? Twitter probably has far more than 400m accounts (I'd be surprised if they had less than 1.2 billion including bots/fake accounts/etc), the article does not indicate any of the accounts were active. Likely there are a bunch in the list that were, but maybe it's only 10-20% of "active" accounts. Or maybe a higher number, or a lower number..
"We knew from the twitter whistleblower that thousands of twitter staffers had root access."
Root access or just superuser accounts? Thousands with root would be a serious WTF, not that so many Superusers isn't also a problem given that the headcount before the axe fell was under 10,000.
One can probably figure out how many of those 400M+ accounts are bots. If the result is noticeably above 5% then can he demand $44B back based on a) misrepresentation, b) cybersecurity incompetence?
The one with a folded piece of paper saying "393.5M bots" in the p[ocket, please... --->
He doesn't have the money. On paper he's worth a lot, but most of that is illiquid Tesla stock which is spoken for as collateral for one loan or another. Probably around 80% of his net worth is tied up in loans, and whatever he has left has been spent servicing the $1bn/mo debt load Twitter has thanks to his leveraged buyout and he chased away around half the advertisers dramatically cutting revenues. With the Tesla stock price collapsing because of his douchebaggery over at Twitter allowing everyone to see that the emperor has no clothes, his ability to self-finance Twitter is not long for this world either. The more stock he has to sell, the more it drives down the price, meaning he has to sell more stock, and it becomes a vicious cycle. He's probably dangerously close to some creditors calling in their markers and demanding payment in full, which he won't be able to do.
"Tesla stock marks lowest close in years as investors worry about Musk’s focus"
https://www.theguardian.com/technology/2022/dec/27/tesla-stock-drops-lowest-close-years-elon-musk
Ouch!
"Analysts have raised the possibility of Musk being asked to step down as executive at Tesla over his actions at Twitter, as he is already facing a lawsuit over his alleged failure to focus on Tesla due to outside ventures."
Yup. He's in Tesla's board and it's a publicly traded company so there is plenty of scope to go after him for breach of his fidiciary duties, and that will go well beyond just asking him to step down.
Look at the bright side: at least it gets rid of that "richest man in the world" worship, especially if you replace it with "formerly richest man of the world". That said, it won't stop his fans from still being boring at parties..
Analysts have raised the possibility of Musk being asked to step down as executive at Tesla
It would seem that Tesla's board has a lot of family and friends as members which doesn't bode well for Tesla stock holders.
The current covid issues in China are not exactly helping his share price and sales volume either, and the competition is starting to produce decent vehicles too - even the Chinese company Tesla buys its batteries from.
As for China, the problem with a zero Covid approach is that it only takes one outbreak and you have a again a shutdown which was simply not sustainable, even with their inhuman approach to it. I'm guessing China has decided to fix that now by allowing everyone to get sick which is a rather brutal way to herd immunity, instead of being a tad more progressive and get vaccinations that actually work which then won't risk this volume of people acting as a giant petri dish breeding new variants to which we have as yet no working vaccines..
In any case, it'll be a mess for quite a few months to come and I fear quite a few people will die :(.
The sample data provided from the leak is the same junk that every criminal telemarketer on Earth is already sharing from hundreds of other breaches. Most of them are running various web services (form pre-fill, tracker-to-tracker handoff, etc.) that are themselves trivially exploitable. No value.
This twerp is taunting Musk thinking it's going to bring in retirement money. Usually it's best to start small, like selling your used car, to see how the game works.
Especially since the fool is offering "exclusivity" to Musk, but already quoting tens of thousands of dollars to individual buyers.
Sorry bud, that's not how you do things. If you offer exclusivity to someone, you give a time limit. Only when that limit has passed do you start making quotes for everyone else.
This guy is a rank amateur.
Let me get this right - the hacker is threatening Musk to buy back the data, or risk a GDPR fine?
But now the hack is public knowledge, surely twatter is going to get fined any way. Might as well save a few quid and not pay the hacker. OK, sucks to have a user account (I don't!), but can't see why he would pay out, because I'm sure the hacker is really, really trustworthy!
When these were becoming "a thing" I signed up with my "other" email address that I used for signing up for shit as part of my job in IT strategy.
It is a source of constant wonder how much noise these accounts receive, despite not being used for years.
I swear the fake LinkedIn has had a better career than I have.
So the moral of this story is to start with a base assumption that at least 30-50% of accounts are fake, dead, or plain simple bots.
Many years ago I created a test account when we migrated from Lotus Notes to Microsoft Exchange. One morning, the departmental secretary called out the name of the test account as it had mail, and had been invited to a computer show at London Olympia. I didn't get that invite.
I have seen it argued persuasively that the reason he ended up having to go for it regardless was that if he didn't his offer could be the kind of market manipulation that the authorities really frown on in a jail-time sort of way, so he had to borrow the money to buy a platform he didn't want at an overinflated price. I hope this is true, it would add a piquant savour to the general hilarity of his disastrous find-out spree.
Previous Twitter would have had the opportunity to depose Musk. Imagine someone who thinks he is the smartest man in the solar system who cannot keep his mouth shut being asked questions by the best lawyers Twitter could afford - knowing the bills will be paid by Musk's Twitter.
Timing matches a desperate last minute attempt to avoid this, even at enormous cost. Perhaps somehow one of Musk's lawyers successfully explained what questions might be asked and the consequences for lying - or telling the truth.
Also, free celebrity phone numbers, email addresses, etc.................
Doesn't matter that Musk wasn't the owner when it happened. It's still the same company, and if they have to pay a ginormous fine for the breach, it'll be his Twitter that has to pay it, and his bottom line affected.
I like Twitter, and have always found that I can manage it to be useful and not too annoying. Miles ahead of Facebook for instance. However...
I guess it's the result of several decades on-line, but I have come to accept that nothing on-line is ever entirely secure. No matter how careful you might be, you're relying on other people to run the back-end, and you have no real way of knowing how honest or competent they are. Or who will buy out the company next month and destroy it.
Consequently I have some things, like banking, that get big-ass complex passwords that I'm confident won't likely be figured out. Others, like the electric bill get something more mid-range. I mean seriously, if someone hacks into my Nova Scotia Energy account what can they really do?
Beyond that the stuff like Twitter and Facebook get easy to remember, recycled passwords. I've had multiple Facebook and other accounts over the years, and there are no social media sites that I wouldn't happily nuke if they got taken over by some evil-doer.
And all of this is handled at my end, from my brain, not by hackable outfits like LastPass. Of course I also pay attention to what kind of information is posted to various platforms. Things that I'll exchange over email do not get posted to Facebook or Twitter.
All of this reflects a belief that none of these companies really care about my privacy or security. 2FA and fingerprint scans are nice, but none of them represent a real change from password practices of two decades ago. They are all still a single point of failure, and one that will inevitably be defeated. The best that we can do is keep the really important stuff off-line, even on paper, so that it can't be stolen.
And that, ultimately, is the point. Anything that you store on-line is by definition out of your control. You are trusting a person or corporation to take care of your best interests. Thinking that you're being secure is at best naïve, and at worst a recipe for disaster.
That's harshly judgemental.
One of the bandied about "principles" of capitalism is that you vote with your wallet, and the related "the uninformed get taken advantage of".
That's all that's happenning here. Twitter has been stupid on several points, and now they are paying for it.
Sure, actions following up on that brag would be "illegal" but for most of the corporate world, "illegal" is reduced down to "pay to make it go away".
It's more like the bacteria infecting the weak.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
