An anonymous hacker group claims that hundreds of thousands of emails were hacked from palm oil and mining companies from Indonesia.
The affected companies are PT Rea Kaltim Plantations and Jhonlin Group. This information was revealed by the owner of the Twitter account @YourAnonTV on Thursday (28/7/2022) yesterday.
“Anonymous released 314,055 hacked emails (277 GB) from PT Rea Kaltim Plantations and Group, an Indonesian palm oil company that has been the subject of numerous protests, conflicts and allegations of human rights violations. Data available on #DDoSecrets, ” wrote @YourAnonTV, quoted Friday (29/7/2022).
DDoSecrets (Distributed Denial of Secrets) itself is a nonprofit website for news leaks founded in 2018. This site is often referred to as the successor to WikiLeaks, due to its June 2020 publication of a large collection of internal police documents, known as BlueLeaks.
In addition, @YourAnonTV also said that 600,000 emails were hacked (513 GB) from the Jhonlin Group, a mining and oil palm plantation conglomerate.
“Anonymous released over 600,000 hacked emails (513 GB) from the Jhonlin Group, a mining and oil palm plantation conglomerate,” he tweeted.
They say the conglomerate is known to use police to intimidate journalists and activists.
To ensure that this information is correct, the Liputan6.com team continues to contact PT Rea Kaltim Plantations and Jhonlin Group to get further confirmation.
Previously, Twitter also suffered a data breach after cybercriminals exploited a weakness in the social media platform.
Taking advantage of a vulnerability in Twitter, hackers were able to steal a database containing phone numbers and email addresses belonging to 5.4 million accounts.
Quoting BleepingComputer, Saturday (23/7/2022), currently the data for 5.4 million Twitter accounts is being sold on a hacking forum for USD 30,000 or around Rp. 450 million.
The hacker nicknamed “The Devil” said on the Stolen Data Marketplace that the database he stole contained information about various accounts, including celebrities, companies and random users.
“Hi, today I’m showing you data collected through exploits from some Twitter users. (5,485,636 users to be exact),” wrote a thread on the forum.
“These users range from celebrities to corporate, random, OG, etc,” added The Devil. The perpetrator said there were several buyers interested in buying the Twitter user data.
As reported by Restore Privacy, the vulnerability used to collect data is the same as that disclosed to Twitter via HackerOne on January 1 and fixed on January 13.
“This vulnerability allows any party without authentication to get the Twitter ID (which is almost the same as getting the account username) of any user by sending a phone number/email,” said security researcher ‘zhirinovskiy ‘.
“The bug exists because of the authorization process used in the Twitter Android Client, especially in the process of checking for duplicate Twitter accounts.”
However, Devil told BleepingComputer they are not affiliated with zhirinovskiy and have never used HackerOne.
“I don’t want white hathackers (good hackers) in the matter of who reported it on H1. I think a lot of people tried to link him with me, I would be angry if I were him,” the perpetrator told BleepingComputer.
Furthermore, Twitter has not confirmed any data breach cases at this time, saying they are investigating the authenticity of the claims.
“We received a report of this incident several months ago via the bug bounty program, immediately thoroughly investigated and fixed the vulnerability,” Twitter wrote to BleepingComputer.
“As always, we’re committed to protecting the privacy and security of people who use Twitter. We’re grateful to the security community involved in our bug bounty program for helping us identify potential vulnerabilities like these.”
However, BleepingComputer verified that some registered Twitter users in the small sample of data shared by hackers, personal information (email addresses and phone numbers) were accurate.
While most of the data for sale is publicly available, cybercriminals can use email addresses and phone numbers in targeted phishing attacks.
Therefore, all Twitter users should be vigilant when receiving email from Twitter, especially if it asks you to enter login credentials, which users are only allowed to do on Twitter.com.
On the other hand, a Delaware court granted Twitter’s request to speed up the trial of the lawsuit against Elon Musk, after the SpaceX boss declared the company’s acquisition cancelled.
In a preliminary hearing or hearing on Tuesday, local time, Judge Kathaleen McCormick said the trial would be held for five days in October 2022.
“The longer the merger transaction remains in uncertainty, the greater the cloud of uncertainty that surrounds the company,” McCormick, who was present via Zoom because he tested positive for Covid-19, was quoted as saying by the New York Post.
Citing The Verge, Wednesday (20/7/2022), in an oral argument before a judge, Twitter claimed that Musk’s bot argument was in bad faith to back out of the deal, due to a case of acute buyer remorse.
Twitter originally wanted a date for the lawsuit to be September, while Musk had put forward a date for February 2023.
But in the end, the Twitter vs Elon Musk trial will be held for five days in October, or longer than the company proposed. The exact date has not yet been scheduled.