Twitter co-founders', CEO's personal data leaked on 'darknet'

Twitter co-founders', CEO's personal data leaked on 'darknet'

Summary: It's not uncommon for Pastebin and other sites to host stolen or hacked data on users and high-profile people. But what about on the 'hidden' Internet? Can ignorance be bliss?

TOPICS: Security
(Screenshot: ZDNet/CBS Interactive; via Rift Recon)

The names, addresses, and Social Security numbers of a handful of staff at Twitter — past and present — have been leaked on the so-called "hidden" internet, according to researchers.

According to the researchers, the leaked details included data on Twitter co-founders' Jack Dorsey, Evan Williams, and Noah Glass, along with incumbent chief executive Dick Costolo. Their full Social Security numbers were published, in some cases cell phone numbers and their date-of-birth, and previous postal addresses.

It's not clear where the data came from. However, at the top of the page it suggested the release of the information was in retaliation for suspending a number of accounts on the microblogging service.

"Twitter suspended @doxbin for 'excessive mentions' and then refused to provide any support via the ticket system for the account," it read. 

Perhaps what's more interesting is that this wasn't published — to our knowledge — on the public, searchable web.

The site where this data was found was on a "darknet" site, used by Tor, the anonymous browsing network, which is not searchable by companies like Google or Microsoft. While most search engines remove illegal content, what they can't find they can't do much about.

According to security research firm Rift Recon, which first published the details of this breach: "This practice reduces the ability for you to find out that someone stole or leaked your Social Security Number on a carding forum or a Pastebin-like site: in this climate, only the bad guys know where to go."

The research firm, which specializes in resolving issues related to the darknet, said as take-down requests become more common and routine for search engines, many are taking to Tor-based websites, otherwise known as ".onion" sites, to prevent the information from being yanked from the web.

"The Darknet adds layers of complexity to anything related to discovery," the research firm wrote, noting that the wider Darknet's growth is "explosive."

Following the Edward Snowden disclosures last year, that figure rocketed as privacy-conscious users took to masking their online activity — knowing full well that the US National Security Agency could not fully crack the anonymizing Internet service.

We reached out to Twitter but did not hear back at the time of publication.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The Golden Rule

    Was Twitter wrong to deny them support? Maybe. But even if they were, this is NOT an appropriate response. Internet vigilantism (like everything else on the internet) is fueled by a childish use of anonymity - that they are using their anonymity to fully deprive someone else of secure personal information is kind of ironic.
    luke mayson
    • that's what Doxbin is all about

      Luke, that is what Doxbin is and does. It is a site above ground and also on tor that posts the personal info on hundreds of thousands of people, so that others can commit crimes against them. Such crimes include fraud, theft, stalking, assault, murder, etc.

      Twitter kicked off some of the Doxbin accounts, but Doxbin is still on Twitter at: and

      The real problem, in my opinion, is that Twitter allows predators to operate their predatory businesses on Twitter. Maybe Dick C was afraid he and his co-workers would be doxed if they did not comply with Doxbin's wishes. Well, they have been doxed, so they have nothing to lose. They should just kick Doxbin off totally.
      Sue Basko
      • sue just go away

        Doxbin has done nothing to violate twitter tos. I really hope you get the help you need already because you dont have a clue
        • Abusive Comment

          TO address the abusive, malicious comment posted by "Tawnik": The post in the screen shot above, which is in the words of the Doxbin admin him/herself, states that the Twitter Term of Service that was violated was "excessive mentions." This is when a Twitter user sends unwanted @ mentions or mentions a person's name without @. If a Twitter user has someone blocked or does not want to be mentioned by a certain user, then mentioning that person's name or tagging them is a violation. This means that Twitter is not supposed to be used to harass, stalk, defame, demean, or discredit anyone, because if any person does not want their name mentioned by a certain user, that user is not allowed to mention their name. Do it too many times and the user's account will be "suspended," that is ended, because of "excessive mentions." I hope you understand the Twitter TOS a little bit better now.
          Sue Basko