Just when you thought the various Twitter controversies were over, a hacker claims to be selling the data of 400 million users.
The data is said to have been intercepted in 2021 and was obtained using an API vulnerability that has since been fixed.
The actor, who calls himself “Ryushi”, advised Elon Musk and Twitter to buy the data for the asking price of $200,000 or face an even higher GDPR fine.
Twitter data leak 2022
A threat actor who allegedly joined the Breached hacking forum in December 2022 wrote:
“The best option to avoid paying a $276 million fine for violating the GDPR as Facebook did (due to scraping 533 million users) is to purchase this data only… after that I will delete this thread and not sell this data again.”
Sample data of over 1,000 users, including many celebrities, was leaked, including email addresses, usernames, number of followers, creation dates, and phone numbers of some users.
Unless an exclusive sale to Twitter (or another site seeking information) is made for $200,000, the hacker says he will sell the data to multiple buyers for $60,000 each.
Beeping computer (opens in a new tab) reports that the API that caused the vulnerability was fixed in January 2022, however it has been confirmed that it was used by many cybercriminals, exposing over 400 million users to fraud and phishing attacks.
Elsewhere, WhatsApp has come under pressure recently as a data leak leaked the personal information of more than 500 million users, although it is now believed to have been a reuse of an older 2019 Facebook leak.
TechRadar Pro contacted Twitter for further comments on the threat.