In another incident of the on-going Twitter saga, an alleged data breach has taken place at the social media platform. According to a report, a ‘threat actor’ has allegedly put around 400 million Twitter users’ data for sale on the dark web.
As per a report by Hudson Rock, the ‘threat actor’ or hacker under scanner has reportedly put personal information of many accounts up for sale. These include phone numbers, email ids and other information of some very famous accounts as well.
A tweet by Hudson Rock reads, “Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data. The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2).”
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.— Hudson Rock (@RockHudsonRock) December 24, 2022
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
Going by the username Ryushi, the threat actor has reportedly also posted a sample database of about 1,000 Twitter users and their private information. As per the post, some famous accounts like Alexandria Ocasio-Cortez, Kevin O'Leary, Donald Trump Jr, Sundar Pichai, account of India’s Information and Broadcasting Ministry and so on, can also be seen there.
In addition to this, as per a report in the Economic Times, the threat actor has also asked Twitter’s new boss Elon Musk to come forward and negotiate the ownership of this data. “Twitter or Elon Musk, if you are reading this, you are already risking a GDPR fine over 5.4 million breach. Imagine the fine for a 400 million users breach....... Your best option to avoid paying $276 million in GDPR breach fines like Facebook did (due to 533 million users being scraped) is to buy this data exclusively,” wrote the threat actor as per the ET report.
Hudson Rock, while putting out a caution also wrote, “In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort @ElonMusk to buy the data or face GDPR lawsuits..... Please Note:At this stage it is not possible to fully verify that there are indeed 400,000,000 users in the database. From an independent verification the data itself appears to be legitimate and we will follow up with any developments.”