Application security, Identity

Over 400M Twitter users’ data claimed to be on sale in the dark web

BleepingComputer reports that more than 400 million Twitter users' public and private data scraped last year is being sold by a threat actor dubbed 'Ryushi' on the Breached hacking forum for $200,000. Ryushi claimed to have acquired the data through the exploitation of an API vulnerability, which has since been fixed by Twitter, while warning Twitter and Elon Musk to purchase the data before being fined under the GDPR. "I gained access by same exploit used for 5.4m data leak already. Spoke with the seller of it and he confirmed it was in twitter login flow," said Ryushi. Data from 37 politicians, government agencies, corporations, and celebrities including Alexandria Ocasio-Cortez, Donald Trump Jr., Kevin O'Leary, Piers Morgan, and Mark Cuban have been initially leaked by Ryushi, who later exposed a sample of 1,000 Twitter user profiles, which include user's names, usernames, email addresses, phone numbers, account creation date, and follower count. Should the exclusive purchase of $200,000 not be made, Ryushi said that they will be selling copies worth $60,000 to various individuals.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.