Cybercrime intelligence firm Hudson Rock has disclosed that a threat actor is trying to sell the data of 400 million Twitter users, a dataset that contains private information about celebrities, politicians, and companies.
Some of the big names include former U.S. President Donald Trump, Ethereum founder Vitalik Buterin, Shark Tank star Kevin O’Leary, billionaire investor Mark Cuban, and lots more.
Threat Actor Tries to Sell Private Twitter Data
According to Hudson Rock, the threat actor claimed the data was obtained earlier this year via a Twitter vulnerability. The database contains information about the breached Twitter users, including their emails, account creation dates, and phone numbers.
The actor, who goes by the name Ryushi, has asked the Twitter management team and its new owner Elon Musk to reach out to specified accounts to strike a bargain for an exclusive buy-out to prevent the wrong people from getting a hold of the data.
Ryushi told Musk that failure to cooperate would attract GDPR breach fines of up to $276 million, as happened to Facebook when over 500 million users’ data was exposed.
“Twitter or Elon Musk, if you’re reading this you are already risking a GDPR fine over 5.4m imagine the fine if 400m users breach. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively…,” the message read.
Users Could Lose Trust in Twitter
The threat actor further highlighted the consequences of Twitter’s failure to cooperate. Ryushi explained that selling the data to anyone else would expose celebrities and politicians to crypto scams, phishing, doxxing, and other malicious activities.
Ryushi pointed out that since Musk was already standing on shaky ground for changing Twitter’s policy, users could completely lose their trust in the platform when they find out about the breach.
Meanwhile, some Twitter users are speculating that Ryushi’s claim of having the private data of 400 million accounts is untrue, but Hudson Rock thinks otherwise.
“Please Note: At this stage it is not possible to fully verify that there are indeed 400,000,000 users in the database. From an independent verification the data itself appears to be legitimate and we will follow up with any developments,” the cybercrime intelligence firm stated.