A hacker claims to be selling the 400 million user datas, which were detected in 2021 thanks to an API vulnerability that has since been patched.
The author of the threat, who calls himself “Ryushi”, advised Elon Musk and Twitter to buy the data for the price of 200,000 dollarsor they will face an even bigger GDPR fine.
The threat actor, who appears to have joined the hacker forum Breached in December 2022, wrote:
Your best bet to avoid paying $276 million in fines for a GDPR violation like Facebook did (because 533 million users were leaked) is to just buy this data… after that I will delete this thread and not sell this data again.
Sample data of over 1,000 users, including several celebrities, leaked with email addresses, usernames, follower counts, creation dates and phone numbers.
If no sale is made to Twitter (or any other party that wants the information) for $200,000, the hacker claims v.will sell the data to multiple buyers for $60,000 each.
The API that caused the vulnerability was patched in January 2022, although several cybercriminals have been confirmed to have exploited it, putting over 400 million users at risk of scams and phishing attacks.