The Twitter account of a researcher identified on Twitter as @ido_cohen2 is gone and their DarkFeed.io web site has had an “under maintenance” notice for the past day. According to a source, they’ve been scared away for good. Have they been?
Over the past months, DataBreaches.net has often been contacted by someone who appears to be a Russian threat actor. Some of the information provided by this individual has not appeared credible, but some of it has been, and a recent interaction may have predicted what occurred in the past 24 hours.
On April 12, this source mentioned “ido_cohen2” to me in a Telegram chat. They (the source) informed me that someone was going to pay someone to use EDR requests on Twitter to get researchers’ account information. In the following transcript, DD is “DissentDoe.” I’ve redacted the source’s name.
[Redacted]: if ur using a personal email on twitter
[Redacted]: might wanna change it 🙂
[Redacted]: same with cellphone
[Redacted]: this monkey
[DD]: Someone going to hack me?
[Redacted]: 😂 he’s getting a visit to his home
[DD]: What does that have to do with me?
[Redacted]: ur a researcher
[Redacted]: so theres ur reply
[DD]: So your asshole affiliate is going after all researchers?
[DD]: (pardon my language)
[DD]: I only use my domain/work … that are public.
[Redacted]: okay good
[Redacted]: twitter subpoenas 😂
[Redacted]: idk why the affiliate is paying somebody to do them
[DD]: Do you have any idea how many times Twitter has been subpoenaed about me? LOL….
[Redacted]: sure 😀
[Redacted]: so it doesnt matter for u
[Redacted]: know any researchers
[Redacted]: who must be unmasked
This morning, the same source messaged me:
[Redacted]: your good friend @ido_cohen2
[Redacted]: was scared away 😂
[Redacted]: he’s gone for good
This was not the first time, though, that ido_cohen2’s username came up in the context of some threat actors really hating him. When DataBreaches reported on a scam letter allegedly drafted by Groove, this site did not report the researchers’ names that they used. One of them was ido_cohen2’s Twitter identity. DataBreaches reached out to him at the time to alert him that scammers might be using his name as part of their scam.
So… has ido_cohen2 really been scared away, and for good? We’ll see. I tend to doubt it, but it will be interesting to learn if there really was an attempt to use an EDR (Emergency Data Request) on Twitter to get researchers’ information.
This post was edited post-publication for security reasons.