Skip to content

Twitter Data of 400 Million Users Reportedly For Sale on the Black Market

Hudson Rock, a cybercrime intelligence firm, has reported a "credible threat" of a private database containing the contact information of 400 million Twitter users being up for sale on the black market.

Connected Data Points
Connected Data Points

The database includes the emails and phone numbers of high-profile users such as Alexandria Ocasio-Cortez, Kevin O'Leary, and Vitalik Buterin. It is believed that the data was obtained in early 2022 due to a vulnerability in Twitter and the hacker is attempting to extort Elon Musk to buy the data or face GDPR lawsuits. DeFiYield, a web3 security firm, verified that the data is real after examining a sample of 1,000 accounts provided by the hacker.

Potential Implications of the Data Breach

If the data breach is true, it could be a significant cause for concern for Crypto Twitter users, particularly those who operate under a pseudonym. The leaked data could be used for targeted phishing attempts via text and email, sim swap attacks to gain access to accounts, and doxing of private information.

To protect themselves, users are advised to turn on two-factor authentication, change their passwords and store them securely, and use a private self-hosted crypto wallet.

Previous Data Breaches on Twitter

This is not the first time that a large-scale data breach has occurred on Twitter. In June 2021, there was a "Zero-Day Hack" in which an application programming interface vulnerability was exploited before it was patched in January 2022.

This bug allowed hackers to scrape private information and compile it into databases to sell on the dark web. Two other databases with Twitter user information have also been identified, one containing 5.5 million users and another containing as many as 17 million users.

Steps to Take in Light of the Data Breach

If you are a Twitter user and are concerned about a potential data breach, there are several steps you can take to protect your personal information. Here are a few recommendations:

Enable two-factor authentication: Two-factor authentication adds an extra layer of security to your account by requiring you to enter a code sent to your phone or email in addition to your password when you log in. To turn on two-factor authentication on Twitter, go to your account settings and click on the "Security and privacy" tab.

Change your passwords: It's a good idea to change your passwords regularly, especially in the wake of a potential data breach. Choose strong, unique passwords for all of your accounts and store them securely. Avoid using the same password for multiple accounts, and consider using a password manager to help you keep track of your passwords.

Use a private self-hosted crypto wallet: If you use a self-hosted crypto wallet, you can keep your cryptocurrency secure even if your personal information is compromised. Be sure to use a wallet with strong security measures in place, such as multi-factor authentication and secure backup options.

Be cautious of phishing attempts: After a data breach, it's common for hackers to try to trick users into revealing more personal information through phishing attacks. Be on the lookout for suspicious emails or texts that ask you to click on a link or enter your login information. If you receive a message that seems suspicious, do not click on any links or enter any personal information. Instead, verify the authenticity of the message with the sender directly.

What to Do If You Believe Your Data Has Been Compromised

If you believe that your personal information has been compromised in the data breach, there are a few steps you can take to protect yourself:

Change your passwords: As mentioned above, it's a good idea to change your passwords after a data breach. Choose strong, unique passwords and store them securely.

Monitor your accounts: Keep an eye on your accounts and be on the lookout for any suspicious activity. If you notice anything unusual, contact the relevant company or service immediately.

Report the breach: If you believe that your personal information has been compromised, it's important to report the breach to the relevant authorities. In the U.S., you can report a data breach to the Federal Trade Commission (FTC).


The potential data breach on Twitter is a reminder of the importance of protecting your personal information online. By enabling two-factor authentication, changing your passwords regularly, and being cautious of phishing attempts, you can help keep your accounts and personal information secure. If you believe your data has been compromised, be sure to report the breach and take steps to protect yourself.