Data Of 400 Million Twitter Users Is On Sale, Hacker Claims

One of the largest Twitter data breaches has resulted in the selling of 400 million Twitter users' personal information on the dark web.

The alleged data dump is being sold by the hacker "Ryushi" on the Breached hacking site exclusively for $200,000, Bleeping Computer writes.

Hacker Warns Elon Musk Of The Repercussions Of The Breach

This information was released just one day after the Irish Data Protection Commission (DPC) said that it was looking into a prior Twitter data leak that affected more than 5.4 million users.

The hacker claims to have exploited a vulnerability to gather information from more than 400 million distinct Twitter users.

They warned Twitter and Elon Musk to buy the data before the GDPR privacy law in Europe imposes a significant fee on them for failing to comply.

"Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively," Ryushi says on the forum.

The attacker also included a link to a blog post outlining how other cyber criminals might utilize this information for BEC, crypto frauds, and phishing assaults.

According to Times Now News, the hacker released a sample of the data on one of the hacker sites as evidence that the data is real.

The sample data includes the user's email, name, username, number of followers, creation date, and, in certain circumstances, phone number.

It is also important to note that the hacker posted sample data, which contains information from some extremely well-known user accounts.

The forum post offers sample information about 37 famous people, politicians, journalists, businesses, and government organizations.

Alexandria Ocasio-Cortez, Donald Trump Jr., Mark Cuban, Kevin O'Leary, and Piers Morgan are among the individuals mentioned, in addition to 1,000 Twitter user accounts that were later named.

Read More: Twitter's Latest Data Leak Dates Back to 2021 Breach 

The Recent Data Breach Seems To Be Related To A November Incident

The hacker claimed that they used an API flaw to get the confidential phone numbers and email addresses, Dataconomy reports.

However, this API flaw, which was previously linked to a data breach involving 5.4 million users, was patched by Twitter in January 2022.

Although Twitter closed the issue in January 2022, it has now been established that a number of hackers leveraged it to scrape users' private information.

In regards to this most recent leak, just two of the disclosed Twitter profiles have been verified as legitimate by Bleeping Computer.

Despite this, Alon Gal of the threat intelligence firm Hudson Rock has claimed that it independently validated that the samples appear to be authentic.

Even though this leak is still confidential and is not being sold, a different threat actor claimed to have used the same vulnerability to scrape the data of 17 million users.

As of writing, Twitter has not provided any answers or comments about the questions regarding the alleged sale of data on the Breached hacking forum.

Related Article: Over 5.4 Million Twitter Users' Data Have Been Leaked, Reports Say 

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Company from iTechPost

More from iTechPost