UPDATED 19:33 EDT / DECEMBER 27 2022

Data of 400M Twitter users offered for sale on hacking forum

A hacker is offering for sale data from some 400 million Twitter accounts, which is said to have been scraped via an application programming interface vulnerability.

The hacker goes by the name of Ryushi on BreachForums, the successor site to the now-shuttered RaidForums. The hacker claims that the data includes the email addresses and phone numbers of celebrities, politicians, companies and others.

In the listing, Ryushi gives email addresses for Donald Trump Jr., Alexandria Ocasio-Cortez, Neil deGrasse Tyson, Piers Morgan, Stephen Curry and various others. The hacker also links to a .CSV file with the same information for an additional 1,000 Twitter users as further proof.

In a twist, the hacker also addresses both Twitter and Elon Musk, claiming that their best option is to purchase the data, which is then claimed to be 533 million users, to avoid the risk of a European Union General Data Protection Regulation fine. Ryushi then adds that if Musk or Twitter purchases the data, the data will not be sold to others, “which will prevent a lot of celebrities and politicians from phishing, crypto scams, sim swapping, doxing and other things that will make your users lose trust in you as a company.

“From [sic] content creators this is a sensitive time, which will make things far worse and if you are unsure just run a poll on Twitter like usual and people will choose their fate because at the end of the day it’s the company’s fault that this data was breached,” the hacker added.

According to Bleeping Computer, the hacker collected the private phone numbers and email addresses using an API vulnerability that Twitter fixed in January 2022. The same API vulnerability is believed to have been used to steal data relating to 5.4 million Twitter users, which first appeared in July and was then released for free in November.

Although the validity of the claimed 400 million plus or 533 million users — the hacker uses both numbers — is not confirmed, if any of it is legitimate, the stolen data will gain the attention of regulatory authorities.

Last week, Ireland’s Data Protection Commission announced that it had launched a probe into the previous 5.4 million stolen Twitter records.

Before the launch of the probe, the commission requested additional information from Twitter about its compliance with data privacy regulations. Having reviewed the information, the commission determined that the company may have infringed the EU GDPR and the Data Protection Act 2018, the U.K.’s implementation of GDPR.
