As reported by the cybercrime intelligence firm Hudson Rock, a threat actor is attempting to sell the personal information of 400 million Twitter users, which includes information on celebrities, politicians, and business organizations.
There are a lot of big names there, including former U.S. President Donald Trump, Ethereum founder Vitalik Buterin, Shark Tank star Kevin O’Leary, and billionaire investor Mark Cuban, among others.
Threat Actor Attempts to Sell Private Twitter Data
Hudson Rock said the threat actor obtained the data earlier this year through a Twitter vulnerability. The database contains email addresses, account creation dates, and phone numbers of Twitter users who were breached.
Ryushi has asked Twitter management and the new owner, Elon Musk, to negotiate an exclusive buy-out with specified accounts to prevent the wrong people from gaining access to the data.
Similarly to what Facebook did when its users’ data was exposed, Ryushi warned Musk that failure to cooperate would lead to GDPR breach penalties of up to $276 million.
“Twitter or Elon Musk, if you’re reading this you are already risking a GDPR fine over 5.4m imaging the fine if 400m users breach. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively…,” the message read.
It is possible that Twitter users will lose trust in the service
Moreover, the threat actor made a point of highlighting the consequences of Twitter’s failure to cooperate with them. According to Ryushi, selling the data to anyone else would expose celebrities and politicians to crypto scams, phishing, and doxxing.
Since Musk was already on shaky ground for changing Twitter’s policy, users may lose all trust in the platform when the breach is revealed.
Ryushi claims he has 400 million accounts’ private data, but Hudson Rock disagrees.
“Please Note: At this stage it is not possible to fully verify that there are indeed 400,000,000 users in the database. From an independent verification the data itself appears to be legitimate and we will follow up with any developments,” the cybercrime intelligence firm stated.