Just when you thought the various controversies surrounding Twitter were winding down, a hacker claims to be selling the data of 400 million users.
The data was allegedly captured in 2021 and obtained using an API vulnerability that has since been patched.
The threat actor, who calls himself "Ryushi," advised Elon Musk and Twitter to buy the data at the asking price of $200.000 or face an even heavier GDPR fine.
Twitter data leak 2022
The menacing actor, who appears to have joined the Breached hacking forum in December 2022, wrote:
"Your best bet to avoid paying €276 million in fines for GDPR violations like Facebook did (due to 533 million deleted users) is to buy that data exclusively... after that, I'll delete this thread and no longer resell the data ."
Sample data of more than 1000 users, including various celebrities, including email addresses, usernames, number of subscribers, creation dates, and phone numbers of some users, was leaked.
If an exclusive sale to Twitter (or any other party who wants the information) for €200 does not take place, the hacker claims that he will sell the data to multiple buyers for €000 each.
Bleeping Computer (opens in a new tab) reports that the API causing the vulnerability was patched in January 2022, but multiple threat actors have been confirmed to have used it, exposing more than 400 million users to the risk of scams and phishing attacks.
On the other hand, WhatsApp recently came under pressure after a data breach led to the leak of personal information of more than 500 million users, although this is now believed to be a reuse of an earlier Facebook leak from 2019.
TechRadar Pro has contacted Twitter for further comment on the threat.