Former prime minister Scott Morrison’s Twitter details leaked in alleged 400M user hack
Former prime minister Scott Morrison is one of many public figures stung in an alleged security breach in which a hacker has claimed to have obtained the data of 400 million Twitter users.
Mr Morrison’s parliamentary email address, along with his username and a phone number linked to his Twitter account, was included in the information dump, posted on a forum just days before Christmas.
In a chilling twist, the forum is the same one used by the Optus hacker who attempted to extort the data of millions of Australians.
In the post on the forum – used by hackers and for information dumping – the alleged hacker said he was selling the data of 400 million Twitter users he claimed was “scraped via a vulnerability”.
Mr Morrison’s details are listed in the post, alongside those of the likes of former US president Donald Trump, British broadcaster Piers Morgan and US politician Alexandria Ocasio-Cortez.
No passwords appear to have been leaked.
“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach,” the alleged hacker wrote.
“I will advice (sic) you, Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did … is to buy this data exclusively.”
The alleged hacker claimed the data was “completely private”.
However, Mr Morrison’s parliamentary email was listed in the information dump, despite it being publicly available on his Parliament House web page.
Mr Morrison’s office was contacted for comment.
Israeli cyber intelligence agency Hudson Rock responded to the issue on Christmas Eve, saying it was not possible to verify whether 400 million unique accounts had been compromised.
“From an independent verification the data itself appears to be legitimate and we will follow up with any developments,” the firm tweeted on Christmas Day.
But in another twist, Hudson Rock days later confirmed Piers Morgan’s account had been hacked.
“This is likely not a coincidence: the reveal of the email address may have been just what the hacker needed to find passwords for the account, or social engineer his way,” it said.
The new threat comes months after massive cybersecurity breaches rocked Optus and healthcare provider Medibank.
The bizarre Optus breach involved a hacker claiming he had stolen the details of 10 million current and former customers, before releasing the information of 10,000.
He then apologised and backed down from his attempts to solicit millions from the government.
Earlier this month, Russian hackers posted the private data of customers in a series of posts, with the company refusing to agree to a ransom demand from the hackers.