Data breaches in one of the biggest social media platforms Twitter has resulted in the selling of the personal information of around 400 million Twitter users.
It is one of the largest data leaks that have recently been published on the dark web, according to reports. The horrifying information was made public soon after the Irish Data Protection Commission (DPC) began an investigation concerning the most recent Twitter privacy breach, which allegedly affected 5.4 million users. This was discovered in late November.
The stolen data incorporates crucial data such as users’ names, email IDs, and phone numbers of users among additional details.
To prove the hack was legitimate, the hacker released an example of the data on his sites as evidence. The hacker even included some of the profiles of famous personalities and organizations that include:
- Alexandria Ocasio-Cortez
- CBS Media
- Donald Trump Jr.
- Doja Cat
- Charlie Puth
- Sundar Pichai
- Salman Khan
- NASA’s JWST account
- Ministry of Information and Broadcasting, India
- Shawn Mendes
- Social Media of WHO
In his post, the hacker writes, “Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scrapped) is to buy this data exclusively.”
The hacker states he is open to the ‘Deal’ going through a middle man, “After that I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash.”
While further threat actors have not ascertained the data yet, Alon Gal in his LinkedIN post noted that “The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email/phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta.”