EDITOR'S NOTE: The big Facebook and Cambridge Analytica scandal has made social media and other big tech or big data companies icons of suspicion and scorn. There was so much focus on the deceptive goings-ons of the industry that perhaps we forgot about the other bad actors in the space. Recently, Ireland’s privacy regulator discovered a data breach of 400 million Twitter users whose private data are being sold on the dark web. Let’s just assume that the era of digital privacy has long gone. Whatever you post on the web will likely be permanent, and all of the information associated with your account will be accessible to legal and illicit parties alike. Don’t put your financial assets in this same vulnerable situation. Cold storage of hard assets that cannot be digitally or nominally affected is the best form of financial protection you can possess. Physical gold and silver are neither hackable nor erodible. Everything else is fair game to those who can access or manipulate it.
Ireland’s privacy regulator today announced that it will examine a recently disclosed data breach that may affect more than 400 million Twitter Inc. users.
The Data Protection Commission, or DPC, is already investigating the company over a previous breach. The latter incident, which took place in November, involved hackers leaking information belonging to 5.4 million Twitter users.
Earlier this week, reports emerged that the data of more than 400 million Twitter users had been put up for sale on a hacker forum. The compromised data is said to include the affected users’ names, phone numbers, usernames, follower counts and account creation dates. The hacker behind the breach demanded $200,000 to hand over the information and delete it.
The hacker also publicly released the data of more than 1,000 users. The users reportedly include politicians, celebrities and other public figures.
The data was reportedly stolen using a flaw in one of Twitter’s application programming interfaces. The flaw was introduced into the API through a faulty software released in 2021. It enabled hackers to learn the phone numbers and email addresses associated with specific Twitter accounts.
Earlier this year, the flaw was used to steal information belonging to 5.4 million Twitter users. Ireland’s Data Protection Commission recently launched a probe into Twitter’s response to the incident. The DPC indicated today that it will expand the scope of the inquiry to include the latest data breach disclosed this week.
“Reports have claimed that some additional datasets have now been offered for sale on the dark web,” the regulator said in a statement to the BBC. “The DPC has engaged with Twitter in this inquiry and will examine Twitter’s compliance with data-protection law in relation to that security issue.”
The DPC earlier sought information from Twitter about the potential impact of the company’s recent layoffs on its ability to meet privacy obligations. The layoffs affected more than half of Twitter’s workforce, including members of its policy, safety and privacy teams. The DPC stated late last month that “so far we’re getting answers to our questions.”
The DPC is responsible for supervising Twitter’s privacy practices because the company’s European Union head office is located in Ireland. For the same reason, the regulator also oversees many other major tech firms that maintain their EU offices in Ireland. The group includes Meta Platforms Inc., which has received two fines totaling €625 million from the DPC over the past year for failing to comply with the EU’s GDPR privacy law.
Originally published by Maria Deutscher at SiliconANGLE