Former Prime Minister Scott Morrison is one of many public figures affected by an alleged security breach in which a hacker has claimed to have obtained the data of 400 million Twitter users.
Mr Morrison’s parliamentary email address, along with his username and a phone number linked to his Twitter account, was included in the information published on a forum a few days before Christmas.
In a chilling twist, the forum is the same one used by the Optus hacker who tried to ransom the data of millions of Australians.
In the post on the forum, which is used by hackers to dump information, the alleged hacker said he was selling the data of 400 million Twitter users, which he claimed had been “scraped via a vulnerability”.
Mr Morrison’s details are included in the post alongside those of former US President Donald Trump, British broadcaster Piers Morgan and US politician Alexandria Ocasio-Cortez.
No passwords seem to have been leaked.
“Twitter or Elon Musk, if you’re reading this, you’re already risking a GDPR fine of 5.4 million violations if you imagine the fine of 400 million user violations,” the alleged hacker wrote.
“I’ll advise you (sic) that your best option to avoid paying $276 million in fines for GDPR violations, like Facebook did…is to buy that data exclusively.”
The alleged hacker claimed the data was “completely private”.
However, Mr Morrison’s parliamentary email was included in the information dump, despite being publicly available on his Parliament Buildings webpage.
Mr Morrison’s office has been asked for comment.
Israeli cyber intelligence agency Hudson Rock responded to the issue on Christmas Eve, saying it was unable to verify that 400 million unique accounts had been compromised.
“Following independent verification, the data itself appears legitimate and we will follow any developments,” the company tweeted on Christmas Day.
In a further twist, Hudson Rock confirmed days later that Piers Morgan’s account had been hacked.
“This is probably no coincidence: the email address disclosure may have been just what the hacker needed to find passwords for the account, or a social engineer of his own ilk,” it said.
The new threat comes months after massive cybersecurity breaches rocked Optus and healthcare provider Medibank.
The bizarre Optus breach involved a hacker who claimed he stole the data of 10 million current and former customers before releasing the information of 10,000.
He then apologized and backed down from attempts to solicit millions from the government.
Earlier this month, Russian hackers released customers’ private information in a series of posts, with the company refusing to agree to a ransom demand from the hackers.