A hacker is asking $200,000 (RMB 1.394 million ) on the dark web to sell the data of 400 million Twitter users scraped in 2021 using a vulnerability that has now been fixed. The hacker, who goes by the name “Ryushi,” sold the data dump on the Breached hacking forum, which is often used to sell user data stolen from various security incidents.
The hackers, who go by the name “Ryushi,” said in a post that they used the vulnerability to successfully collect data from more than 400 million Twitter users. And in the post, the hacker said that Elon Musk should buy the data if he wants to avoid the huge fines under European GDPR regulations.
Ryushi wrote in the post, “If Twitter or Elon Musk reads this post, can you consider buying the data or facing a fine of over €5.4 million for the breach of over 400 million users’ data?”
The post also mentions Facebook, which was fined $276 million by the European Union for the theft of 533 million users’ data that was made public.
The threat actor also linked to a post explaining how the data was misused by other threat actors in phishing attacks, cryptocurrency scams and BEC attacks.
The post also shared sample data from 37 celebrities, journalists, companies, and organizations, including Alexandria Ocasio-Cortez, Donald Trump JR, Mark Cuba, Kevin O’Leary, and Piers Morgan. in addition, a larger sample of 1,000 Twitter user profiles was later leaked.
These user profiles contained both public and private Twitter data, including users’ email addresses, names, usernames, number of followers, creation dates, and phone numbers. While all of the leaked profiles appear to have email addresses associated with them, many do not have phone numbers.
