Pay Up Or Face Fine, Hacker With Private Info Of 400 M Twitter Users Warns Elon Musk

A hacker claims that they have public and private data of 400 million Twitter users that was scraped in 2021 through an API vulnerability that has been fixed since since then.

A threat actor named "Ryushi" is selling the data on the Breached hacking forum, asking for $200,000 for an exclusive sale. Ryushi claims to have collected data of over 400 million unique Twitter users using a vulnerability.

Unsplash

Personal data under threat

In addition, the hacker also urged Elon Musk and Twitter to buy the data in order to escape a potential fine under Europe's GDPR privacy law.

"Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source," wrote Ryushi in a forum post.

Unsplash

"Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively."

Also read:?Twitter's New Feature Shows 'View Count' Below Every Tweet And Users Aren't Pleased

The hacker also laid out ways in which this data could be exploited by hackers and other threat actors to carry out phishing attacks, cryptocurrency scams, and more. The forum post also has sample data for 37 public figures including Donald Trump Jr., Piers Morgan, and Alexandria Ocasio-Cortez.

Unsplash

The information contained in this data dump includes users' email addresses, names, usernames, follower count, phone numbers, and account creation date. Almost all of this data is readily available to any Twitter user, except phone numbers and email addresses.

Also read:?Twitter's New Colour-Coded Labels And Checkmarks For Verified Accounts Are Here

In conversation with BleepingComputer, Ryushi said that they're selling the data to single person or entity for $200,000. If not, the data's multiple copies will be sold to people for $60,000 per sale.

Reuters

The same (now fixed) API vulnerability that allowed this hacker to get their hands on this data also led to a 5.4 million user data breach earlier.

What do you think about the dangers of your private information going public? Let us know in the comments below.?For more in the world of?technology?and?science, keep reading?Indiatimes.com.?

References

Abrams, L. (2022, December 26). Hacker claims to be selling Twitter data of 400 million users. BleepingComputer. https://www.bleepingcomputer.com/news/security/hacker-claims-to-be-selling-twitter-data-of-400-million-users/