Just when you thought the various Twitter controversies were winding down, a hacker claims to be selling the data of 400 million users.
The data is said to have been collected in 2021 and obtained via an API vulnerability that has since been closed.
The threat actor, who calls himself “Ryushi,” has advised Elon Musk and Twitter to buy the data at the asking price of $200,000 or face an even bigger GDPR fine.
Twitter data leak 2022
The threat actor, who appears to have joined the breached hacking forum in December 2022, wrote:
“Your best option to avoid paying $276 million in fines for GDPR violations, like Facebook did (due to 533 million users scraped), is to buy that data exclusively…afterward.” I will delete this thread and not sell this data again.”
Sample data from more than 1,000 users, including a number of celebrities, was leaked, including email addresses, usernames, follower counts, creation dates and some users’ phone numbers.
If an exclusive sale to Twitter (or another party that wants the information) doesn’t go for $200,000, the hacker claims he will sell the data to multiple buyers for $60,000 each.
> These are the best ID theft protection tools to stay safe
> Millions of Twitter users’ data leaked online
> WhatsApp data breach puts nearly 500 million user records up for sale
computer beeps (opens in new tab) reports that the API that caused the vulnerability was fixed in January 2022, but several threat actors have been confirmed to have been using it, putting more than 400 million users at risk of fraud and phishing attacks.
Elsewhere, WhatsApp recently came under pressure when a data breach leaked the personal information of more than 500 million users, although it’s now believed to be a re-use of an older Facebook leak from 2019.
Tech Radar Pro has reached out to Twitter for further comment on the threat.
- Protect yourself with the best firewalls and The best antivirus tools
This article was previously published on Source link
