BleepingComputer reports that more than 400 million Twitter users' public and private data scraped last year is being sold by a threat actor dubbed 'Ryushi' on the Breached hacking forum for $200,000.
Ryushi claimed to have acquired the data through the exploitation of an API vulnerability, which has since been fixed by Twitter, while warning Twitter and Elon Musk to purchase the data before being fined under the GDPR. "I gained access by same exploit used for 5.4m data leak already. Spoke with the seller of it and he confirmed it was in twitter login flow," said Ryushi. Data from 37 politicians, government agencies, corporations, and celebrities including Alexandria Ocasio-Cortez, Donald Trump Jr., Kevin O'Leary, Piers Morgan, and Mark Cuban have been initially leaked by Ryushi, who later exposed a sample of 1,000 Twitter user profiles, which include user's names, usernames, email addresses, phone numbers, account creation date, and follower count. Should the exclusive purchase of $200,000 not be made, Ryushi said that they will be selling copies worth $60,000 to various individuals.
A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool
Threat actors have been leveraging Telegram to promote the new Titan Stealer information-stealing malware, which targets Windows machines to exfiltrate browser and cryptocurrency wallet data, reports The Hacker News.