A threat actor is allegedly selling data on 400,000,000 Twitter users that they claim to have gotten. The vendor asserts that the database is confidential, and to support his claims, he gave a sample of 1,000 accounts, some of which contained the private data of well-known individuals like Donald Trump Jr., Brian Krebs, and many more.
The vendor, Ryushi, a user of data breach forums, claims the information was scraped using a vulnerability; it contains emails and phone numbers of famous people, politicians, businesses, regular users, and a large number of OG and unique usernames.
Twitter Users’ Data Is At Risk
In order to avoid GDPR litigation, the vendor is also encouraging Twitter and Elon Musk to purchase the data. “Twitter or Elon Musk is already at risk of GDPR penalties over 5.4 million breaches, picturing the fine of 400 million users breach source if you are reading this. Purchase this data only if you want to avoid having to pay the $276 million USD in fines that Facebook received for violating the GDPR (533 million users were scraped). reads the commercial. It is not yet feasible to independently verify the seller’s claims.
The Data Protection Commission of Ireland began an investigation into Twitter on Friday about a data breach that purportedly affected 5.4 million Twitter users in August.
Alon Gal said that Twitter included a “readers context” in which they claimed that the 5,400,000 people affected by the data leak in August were among the 400,000,0000 Twitter users, but the expert claims that this is untrue.
By contrasting the samples in the current leak with the previous 5.4m version that had already been made public, “this is simply debunked.” Gal clarified. “We discovered 250 out of 1000. I can’t divulge certain important information I have, but as time goes on I am more convinced that this is a 400,000,000-user breach. As always, it will regrettably leak into the hands of every hacker for free. (The count would have been lower had it been a sample of non-verified accounts.)