Now, just when you thought the Twitter controversy dust had settled, a hacker says they have the personal information of 400 million users for sale.
The API flaw that was used to get the data has supposedly been patched since 2021, when it was supposedly collected.
The threat actor, who goes by the alias “Ryushi,” warned Elon Musk and Twitter that failing to purchase the data at the asking price of $200,000 will result in even worse fines under the General Data Protection Regulation.
Data breach on Twitter in 2022
In December 2022, the threat actor apparently signed up for the Breached hacking forum and posted the following message:
“Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively… after that I will delete this thread and will not sell this data again.”
Email addresses, usernames, follower counts, creation dates, and even some individuals’ phone numbers were among the exposed data belonging to over a thousand people, including a number of celebrities.
If Twitter (or anyone wants the information) doesn’t pay the hacker $200,000 for an exclusive licence to use the data, the hacker says they’ll sell it to numerous purchasers for $60,000.
In spite of the fact that the vulnerable API was patched in January 2022, several threat actors have been found to have exploited it, leaving over 400 million users vulnerable to frauds and phishing assaults.
Meanwhile, WhatsApp has been under fire after a data breach exposed the private details of over 500 million users. However, it appears that the leak was recycled from a 2019 Facebook data breach.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover