Former PM caught up in alleged hack of 400 million Twitter users
Former prime minister Scott Morrison is one of 400 million Twitter users caught up in a security breach by an alleged hacker.
Former prime minister Scott Morrison is one of many public figures stung in an alleged security breach in which a hacker has claimed to have obtained the data of 400 million Twitter users.
Mr Morrison’s parliamentary email address, along with his username and a phone number linked to his Twitter account, was included in the information dump, posted on a forum just days before Christmas.
In a chilling twist, the forum is the same one used by the Optus hacker who attempted to extort the data of millions of Australians.
In the post on the forum – used by hackers and for information dumping – the alleged hacker said he was selling the data of 400 million Twitter users he claimed was “scraped via a vulnerability”.
Mr Morrison’s details are listed in the post, alongside those of the likes of former US president Donald Trump, British broadcaster Piers Morgan and US politician Alexandria Ocasio-Cortez.
No passwords appear to have been leaked.
“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach,” the alleged hacker wrote.
“I will advice (sic) you, Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did … is to buy this data exclusively.”
The alleged hacker claimed the data was “completely private”.
However, Mr Morrison’s parliamentary email was listed in the information dump, despite it being publicly available on his Parliament House web page.
Mr Morrison’s office was contacted for comment.
Israeli cyber intelligence agency Hudson Rock responded to the issue on Christmas Eve, saying it was not possible to verify whether 400 million unique accounts had been compromised.
“From an independent verification the data itself appears to be legitimate and we will follow up with any developments,” the firm tweeted on Christmas Day.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data. The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
But in another twist, Hudson Rock days later confirmed Piers Morgan’s account had been hacked.
“This is likely not a coincidence: the reveal of the email address may have been just what the hacker needed to find passwords for the account, or social engineer his way,” it said.
The new threat comes months after massive cybersecurity breaches rocked Optus and healthcare provider Medibank.
The bizarre Optus breach involved a hacker claiming he had stolen the details of 10 million current and former customers, before releasing the information of 10,000.
He then apologised and backed down from his attempts to solicit millions from the government.
Earlier this month, Russian hackers posted the private data of customers in a series of posts, with the company refusing to agree to a ransom demand from the hackers.