Dec 28 2022

400 Million Twitter Users’ Scraped Info Goes on Sale!

Category: Social network | DISC @ 10:51 am

The sample data seen by Hackread.com shows that the sold information also includes records on top celebrities and political figures, such as Democratic Rep. Alexandria Ocasio-Cortez and Bollywood’s Salman Khan.

On December 23, 2022, a threat actor going by the handle “Ryushi” claimed to sell more than 400 million Twitter users’ personal details on BreachedForums, a cybercrime and hacking forum that surfaced as an alternative to the now-seized Raidforums.

As seen by Hackread.com, the sample data attached to the post contains private email addresses, usernames, follower counts, creation dates, and, in certain cases, the user’s phone numbers.

Post from the threat actor (Image credit: Waqas – Hackread.com)

The sample data also contains a variety of well-known user accounts, including New York Democratic Rep. Alexandria Ocasio-Cortez, Ethereum cryptocurrency founder Buterin, Indian actor Salman Khan and cybersecurity reporter Brian Krebs.

It is worth mentioning that the latest data leak came just one month after a hacker leaked the contact and personal details of over 5.3 million Twitter users online. Both the earlier and latest incidents are now being investigated by Irish authorities.

The threat actor stated in the post that the data had been “scraped via a vulnerability” but did not specify any further details.

Further, they openly advised the CEO of the social media giant, Elon Musk, that he should buy this data directly from the hacker instead of “paying $276 million USD in GDPR breach fines like Facebook did” but did not specify a price at which the data is being sold.

Offering to conduct the “deal” through a middleman, the threat actor states, “After that, I will remove this thread and will not sell this info again. And data won’t be sold to anyone else, which will stop a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing, and other things that will make your users lose trust in you as a company and thus stunt the current growth and hype.”

Researchers who have seen the sample data believe that this alleged data leak is the result of an API flaw which allowed the threat actor to search any email addresses or phone numbers and return a Twitter profile.

This attack followed only months after Twitter entered into a consent order with the US Federal Trade Commission binding it to maintain a privacy and information security program for the next two decades.

The agreement ended a federal investigation into Twitter’s use of phone numbers and email addresses for advertising purposes when they were collected to be used for multi-factor authentication. Twitter also paid a $150 million civil penalty.

Therefore, if this data breach is verified, the impact on Twitter would be drastic both financially and socially. At the time of writing, the data was still up for grabs.

Tags: Twitter, Twitter CISO, Twitter Hack


Nov 27 2022

Nearly 500 million WhatsApp User Records Sold Online

Category: Dark Web, Hacking, Social network | DISC @ 10:06 am

The 2022 database is said to contain WhatsApp user data from 84 countries with Egypt having the largest chunk of stolen phone numbers.

In what is becoming a rather common trend, a threat actor is claiming to sell 487 million WhatsApp users’ mobile phone numbers on a popular hacking community forum which surfaced as an alternative to the popular and now-seized Raidforums.

The 2022 database is said to contain WhatsApp user data from 84 countries with Egypt having the largest chunk of stolen phone numbers (45 million), Italy with 35 million, and the US with 32 million. 

The complete list of countries is included in the original report by Cybernews which also contains the exact amount of numbers up for sale. According to the threat actor, they are willing to sell the US dataset for $7000, the UK one for $2500, and the German one for $2000. 

Upon being requested, the threat actor also shared a sample of data with researchers who then confirmed that the numbers included in the sample were in fact WhatsApp users. The exact sample contained 1097 UK and 817 US mobile numbers. 

The seller did not reveal their process for obtaining the database and simply said they “used their strategy” to collect the data. Whatever the method used, the damage that can be caused by this leakage should not be taken lightly.

Such data is readily bought by attackers to use for smishing and vishing attacks. It is advised that you cautiously interact with unknown calls, unsolicited calls, and messages. Impersonation and fraud are also common worries associated with mobile number leakage. 

Meta has refused to comment on this for now, while in their report, Cybernews speculates that this information could have been obtained by harvesting information at scale, also known as scraping, which violates WhatsApp’s Terms of Service. 

However, Hackread.com can confirm that, at the time of writing, the listing was deleted from the hacker forum. Another listing was published in which another threat actor is claiming to sell details of WhatsApp users.

Tags: dark web, WhatsApp User


Nov 18 2022

Oops! Meta Security Guards Hacked Facebook Users

Category: Social network | DISC @ 1:29 pm

Facebook parent Meta has disciplined or fired at least 25 workers for allegedly hacking into user accounts. Some of the workers were contract security guards, we’re told.

Wait … disciplined or fired? How were they not all fired? And prosecuted? And how come security guards have access to Facebook’s internal account-recovery tools?

All these questions and more will be asked in today’s SB Blogwatch. Please tell me it’s the weekend tomorrow.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Hello there.

‘Oops’ not Even the Half of It

What’s the craic? Kirsten Grind, Robert McMillan, Salvador Rodriguez and Jim Oberman tag team to report—“Employees, Security Guards Fired for Hijacking User Accounts”:

“Workers accepted thousands of dollars in bribes”
Meta … has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes. … Some of those fired were contractors who worked as security guards [who] were given access to the Facebook parent’s internal mechanism for employees to help users having trouble with their accounts … known internally as “Oops.”

Oops, an acronym for Online Operations, is supposed to be fairly limited to special cases, like friends, family, business partners and public figures, but its usage has climbed. … In 2020, the channel serviced about 50,270 tasks, up from 22,000 three years earlier.

Tags: Facebook security, Hacked Facebook Users, Meta


Oct 11 2022

The hijab will never be the same

Category: Information Security, Social network | DISC @ 9:28 am
A woman in Tehran climbed onto a car and set her hijab ablaze. “Amin” was just five meters away. (Photo credit: Twitter)

The death of 22-year-old Mahsa Amini in Iran has ignited the most powerful protests the country has seen in years. Authorities there have rolled out a host of new tools to throttle mobile phone connections, block social media sites, and make it harder for people on the ground to organize. Our Click Here team spoke to one man who has been protesting since Amini’s death was announced, and he talked to us about the dangers of using social media and technology while participating in street demonstrations. He asked us not to use his real name because speaking to foreign reporters could get him arrested. Amin talked with us about getting around internet restrictions, the dangers of using social media in Iran, and how protesters handle their passwords.

Our interview with him has been edited and condensed for clarity.

https://therecord.media/the-hijab-will-never-be-the-same/

Tags: hijab


Jul 26 2022

Twitter hacker touting the data of over 5.4 million users, including celebrities and companies, for $30,000

Category: Information Security, Social network | DISC @ 3:30 pm

Over 5.4 million Twitter users have reportedly been targeted in a major breach of personal data following revelations earlier this year that the site had a serious security flaw. 

The security flaw came to light in January, when a user on HackerOne named “zhirinovskiy” pointed out that Twitter was vulnerable to hackers seeking to use information for malicious purposes.

At the time, Zhirinovskiy detailed exactly how to exploit the bug and described it as a “serious threat” even in the hands of those with only a “basic knowledge” of scripting and coding. 

Twitter acknowledged the problem five days later and appeared to have fixed the problem a week after that, when it rewarded Zhirinovskiy with a $5,040 bounty for bringing the vulnerability to its attention. 

A seller with the username ‘devil’ claims that “Celebrities, to Companies, randoms, OGs, etc” are included in the data set and is asking for at least $30,000, RestorePrivacy says. 

A spokesperson from Twitter told Fortune: “We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability.”

The spokesperson added that Twitter was “reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”

https://fortune.com/2022/07/26/twitter-user-data-breach-hacker-lists-database-of-5-million-users-for-sale/

Tags: Twitter Hack


Apr 06 2022

Social Media Bots Infographic Set

Category: Social network | DISC @ 5:31 pm

Social Media Bots Infographic – by Cybersecurity and Infrastructure Security Agency



Oct 04 2021

Facebook, WhatsApp, and Instagram are down worldwide, it’s panic online

Category: Social network | DISC @ 11:32 am

Users worldwide are not able to access Facebook, Instagram, and WhatsApp services due to BGP problems. Users attempting to visit these services are shown the error “DNS_PROBE_FINISHED_NXDOMAIN.”

The mobile applications of the social network giant and its Tor hidden services are also not working.

At the time of this writing, it is unclear whether the outage is the result of a technical issue or of a cyber attack against the infrastructure of the social network giant.

Facebook down

Source outage.report

https://twitter.com/WehbeEmilio/status/1445126331675652099?s=20

FB Apps down report from NYT: Facebook and some of its apps go down simultaneously.

WhatsApp, Instagram, Facebook Down Globally, Report Users

Facebook is at it again…

In 2018, Facebook was caught selling our personal data to Cambridge Analytica, a data analysis firm.

It’s hard to say who is more evil and manipulative, Facebook or Cambridge Analytica.

If you’re not familiar with the scandal, Facebook collects massive amounts of data about us every day.

Cambridge Analytica used our personal data against ourselves (Facebook clearly does too).

When you’re on Facebook, you see content in your newsfeed.

That content is not there by accident or coincidence.

The Facebook ALGORITHM puts content in your newsfeed that triggers your emotions.

Facebook algorithm supports hateful and polarizing contents

Whistleblower: ☝️ Facebook will lose money if they fix algorithm. And they know it


The more polarizing the content, the more you will read.

The longer you stay on Facebook, the more ads you see and the more money Facebook makes…

Facebook and the Power of Big Data and Greedy Algorithms

Facebook AI Algorithm

Tags: #FacebookDown, #FacebookIsDown, Facebook AI algorithm, Facebook algorithm, Facebook down, facebookdownglobally, instagram, whatsapp


Aug 16 2021

Copyright scammers turn to phone numbers instead of web links

Category: Smart Phone, Social network | DISC @ 9:41 am

Copyright scams aren’t new – we’ve written about them many times in recent years.

These scammers often target your Facebook or Instagram account, fraudulently claiming that someone has registered a complaint about content that you’ve posted, such as a photo, and telling you that you need to resolve the issue in order to avoid getting locked out of your account.

The problem with copyright infringement notices is that if they’re genuine, they can’t just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they’re received.

To discourage bogus complaints and reduce harassment – and if you are a content producer or influencer yourself, with an active blog, video or social media account, you will probably have had many well-meaning but ill-informed complaints in your time – sites such as Facebook, Instagram, Twitter and the like don’t put the complainant directly in touch with you.

The process usually goes something like this:

  • The complainant makes their claim to the service provider concerned. The service provider expects them to give full contact details, in order to discourage anonymous harassment.
  • If the claim seems to hold water, the service alerts you, without giving your details to the complainant, and invites you to defend or to accept the complaint. (Obviously bogus claims, such as complaints about image or video content in an article that is all text, shouldn’t go any further.)
  • If the claim is incorrect, you can repudiate it, for example by stating that you took a photo yourself or by showing a licence you acquired for a music clip.
  • If you don’t wish to contest the claim, you are usually expected to remove the allegedly infringing material promptly, and report that you have done so.

In either case, assuming that the service provider considers the case resolved, it’s then closed without the complainant getting to contact you directly, and without you needing to deal directly with the complainant in return.

Tags: Copyright scammers, Phone scams, Scam Me If You Can


Apr 30 2019

Facebook funds research on the impact of social media on elections

Category: Social network | DISC @ 3:11 pm

Facebook is going to fund academic research on the impact of social media on elections, aimed at preventing manipulation of these platforms.

Source: Facebook funds research on the impact of social media on elections






Aug 02 2011

Social Media Stalking

Category: Social network | DISC @ 9:25 pm





Mar 03 2011

Facebook Account Hack: Spam 80,000 friends

Category: social engineering, Social network | DISC @ 1:05 pm

by Sandy Sidhu

Social media is hot. 140 characters is the way to communicate these days and it’s not unusual to hear someone say, “I have 3000 friends.”

We often hear about the success stories, but what about the unsuccessful ones?

Take Jonathan Emile, a Montreal-based hip-hop artist, who has made his living building a fan base online and uses Facebook to communicate with his 80,000 fans. Yeah, you read that right: 80,000.

You can imagine his frustration when last week he was unable to log in to his account, leading him to believe his account had been hijacked, likely by a spammer, or a robot software program designed by a spammer. His suspicions were reinforced when he saw someone had used his name to post a link on his fan page site that Emile said appeared to be malicious: either a virus or spam.

Despite contacting Facebook, he still has not been able to access his account.

So what can you learn from this?

  • Make sure you have other ways to contact and connect with your fans/customers/subscribers, and so on
  • Use strong passwords and regularly change them
  • Don’t rely on a third party platform to run the bulk of your business!

Facebook and other sites constantly change their Privacy Policies and access rules, not to mention the fact that they may not always be around (remember MySpace?).

Social networking is a great way to reach a new audience, but you have to make sure that you can still communicate with that audience through other means should anything go wrong. It is a good place to get people to interact with you/your company/brand, but you should also encourage your “fans” to either sign up for a newsletter, eBook, and so on, as a way to capture their information and ultimately drive them back to your site, which (hopefully) you own.

Risk management of Facebook – benefits, risks and possible countermeasures