Hacker claims to be selling Twitter data stolen from 400 million users

0

A hacker claims to have collected over 400 million unique users’ data with a now-fastened API vulnerability on Twitter in 2021. As reported by Bleeping Computer system, the risk actor named “Ryushi” on the Breached hacking forum is asking $200,00 for an exclusive sale.

They have currently warned Elon Musk’s Twitter as “they must obtain the information ahead of it potential customers to a massive fantastic less than Europe’s GDPR privacy regulation.”

“Twitter or Elon Musk if you are looking at this you are now jeopardizing a GDPR wonderful above 5.4m breach imaging the wonderful of 400m consumers breach supply,” wrote Ryushi in a forum submit. “Your finest choice to stay clear of paying $276 million USD in GDPR breach fines like Fb did (due to 533m end users being scraped) is to invest in this info exclusively.” 

In the submit, the hacker points out how this details can be applied for phishing attacks and other cons. Ryushi says they ended up in a position to gather community and personal Twitter facts, this sort of as users’ e-mail addresses, names, usernames, follower rely, creation date, and cellular phone figures. Even though most of this facts can be identified on line, cell phone quantities and electronic mail addresses are private information and facts.

Ryushy obtained information from 37 celebrities, together with Alexandria Ocasio-Cortez, Donald Trump JR, Mark Cuba, Kevin O’Leary, and Piers Morgan, Bleeping Laptop stories. The hacker informed the publication that they are “attempting to sell the Twitter data solely to a one man or woman/Twitter for $200,000 and will then delete the details. If an exclusive order is not manufactured, they will promote copies to many individuals for $60,000 for each sale.”

Track record

The hacker has advised the publication they have gathered this details by exploiting a vulnerability previously connected with a 5.4 million consumer details breach and mounted in January 2022. Bleeping Computer system was able to verify two of the leaked Twitter profiles. Hudson Rock, an analyst of a thread intelligence company, explained the leaked samples “appear legitimate” although he could not “fully verify that there are in fact 400,000,000 users in the database.”

The hacker claimed they experienced tried out to contact Twitter but did not obtain an respond to. If Twitter doesn’t buy this info, it will probable bring one more concern to Elon Musk’s enterprise – even if this time, he didn’t lead to this.

Leave a Reply