Twitter Data Breach Worse Than Reported | WhatsApp Leak | NCSC Report On Nationally Significant Data Breaches

November 28th

Article by Christopher Lauder, Client Engagement Executive, Rela8 Group


Twitter Data Breach Worse Than Reported

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. 9to5Mac has reported that they’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression.

HackerOne first reported the vulnerability back in January. It allowed anyone to enter a phone number or email address and then find the associated Twitter ID. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.

At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts. Twitter then confirmed the hack and released a statement:

“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.”

There were suggestions then that the same personal data had been accessed by multiple bad actors, not just one. As mentioned, 9to5Mac has now seen evidence that this is indeed the case. They were shown a dataset which contained the same information in a different format, with a security researcher stating that it was “definitely a different threat actor”. The source told them that this was just one of a number of files they have seen. The data includes Twitter users in the UK, almost every EU country, and parts of the US.

Bad actors are believed to have been able to download around 500k records per hour, and the data has been offered for sale by multiple sources on the dark web for around $5k.

9to5Mac conclude their article by saying “we would reach out to Twitter for comment, but Musk fired the entire media relations team, so…”

Source - Twitter Breach - CS Hub

Source - Twitter Breach - 9to5Mac

Source - Twitter Breach - Computing.co.uk

Source - Twitter Breach - Bleeping Computer

At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but eventually revealed a hacker had taken advantage of the vulnerability. Evidence has now been seen that shows multiple bad actors had exploited the issue.

WhatsApp Leak

On November 16, a bad actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers. The dataset allegedly contains WhatsApp user data from 84 countries. The threat actor claims there are over 32 million US user records included.

The records contain information on users from the US (32 million), with another huge chunk of phone numbers belonging to citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million). The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens' phone numbers.

The threat actor told Cybernews they were selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000.

Such information is mostly used by attackers for smishing and vishing attacks, so it is recommended people remain wary of any calls from unknown numbers, unsolicited calls, and messages.

The information on WhatsApp users could be obtained by harvesting information at scale, also known as scraping, which violates WhatsApp’s Terms of Service. This claim is purely speculative. However, quite often, massive data dumps posted online turn out to be obtained by scraping.

To prevent personal data leaks, regular users should adopt common data security practices. This includes using a high-quality VPN and getting a reliable antivirus program.

WhatsApp on Sunday dismissed the reports claiming that a database containing the mobile phone numbers of nearly 500 million users was leaked and put up for sale, saying it had found no evidence of a data breach.

A Meta spokesman said the report was “speculative” and based on “unsubstantiated screenshots”, adding the company had not found any evidence of a data leak on WhatsApp systems.

Source - WhatsApp Leak - Security Affairs

Source - WhatsApp Leak - CyberNews

Source - WhatsApp Leak - Marketing Interactive

NCSC Nationally Significant Data Breaches

An official report has revealed that the UK's National Cyber Security Centre (NCSC) has dealt with more than 60 "nationally significant" cyber-attacks over the past year.

The NCSC, part of GCHQ, did not directly specify what the attacks were, but did talk about ransomware attacks against the NHS 111 helpline service and the water utility company, South Staffordshire Water, which triggered national responses.

The UK government also revealed for the first time a previously covert effort to help Ukraine defend itself from cyber-attacks under a programme worth more than £6m. In their annual report the NCSC said:

"Ukrainian authorities - assisted by the NCSC - created strong cyber defences, limiting the impact of Russian operations."

The cyber centre also touched on China. It said Beijing's evolving technological capabilities will likely be the single biggest factor affecting UK cyber security in the future.

According to the report, despite the risk posed in cyber space by foreign states, the biggest threat to the British public and small businesses online is from cyber criminals. This included phishing attacks and the hacking of social media accounts. For example, there were 2.7 million cyber-related frauds in the 12 months to March 2022.

Summing up its work over the past 12 months, the NCSC said its officials managed the response to hundreds of cyber incidents. This included 63 events that it described as "nationally significant".

The full report can be read below.

Source - NCSC Report - NCSC

Source - NCSC Report - Sky News
