horse: OH WE'RE GOING NOW? IT'S TIME TO GO? OKAY LET'S GO LET'S GO

WHOOO ALL RUNNING TOGETHER YEAH! I'M LEADING THE HERD! LET'S GOOO

WARNING: *major* Twitter data breach...

…Whoopee. See the full thread here for details.  (Also here.) Tl:dr; The data of some 400,000,000 Twitter users has been leaked and is being more or less held for ransom. (See the image above, in which Musk is invited to buy the data to take it out of possible circulation and thereby save himself huge GDPR fines.)

Granted, there are some imponderables about this—such as: does the breach-advertiser above really have all the data they say they do? But their published examples have apparently been verified as genuine. …In any case, though, if you’re using SMS for your 2FA with Twitter, probably your best protection is to contact your phone provider and get them to create a PIN for your number, so as to prevent your phone being simjacked by someone who’s bought your data. (It’s not a bad idea to do this anyway, if you’re at risk from this kind of thing… but the current issue adds some urgency. I’ve been using it myself, and would have changed it recently except that, in the wake of the mass firings at Twitter, the app that handled their 2FA went down. Must confirm whether it’s back up again so that I can at the very least change my password, or move my 2FA to Google Authenticator or similar.)

Particularly at risk in this attack: old-style “blue check” users. …So if by chance you’re one of these: please take note, and take action to protect yourself. No telling what’s going to wind up happening to this data in even the medium term.

(ETA: I note in passing—since  I was just going over to take a look at it—that paste.ee has removed one of the “example” files of leaked names as a violation of its TOS. Not really a surprise, I guess…)