Thunderbolt at Twitter: a hacker explains that he has hacked the data of 400 million users. A record figure for the social network, which has already paid the price for a massive hack of its data in August 2022. The hacker invites Elon Musk and Twitter to buy the data in order to avoid prosecution under the GDPR.
If Elon Musk has had trouble with employees and users of Twitter since the acquisition of the platform for 44 billion dollars last October, now a new case falls on him. And not least: hacker claims to have got hold of emails and phone numbers ordinary users, but also celebrities and large companies.
In total, he would thus have recovered on 400 million accounts, unheard of for the social network. And according to the hacker behind this hack, Elon Musk and Twitter must buy this gigantic database, in order to avoid a legal imbroglio and a record fine.
Twitter: a hacker steals the personal data of 400 million accounts
On the dark web, a pirate in question answering to the pseudonym of Ryushi therefore claims to have got his hands on a pharaonic quantity of Twitter accounts. As an appetizer, it broadcasts the data of 1,000 personal accounts, so that a potential buyer can verify their authenticity. Among them are information from Donald Trump Jr, cybersecurity specialist Brian Krebs, etc..
But before releasing the information he has collected in the public square, Ryushi explains his position thus: “Twitter or Elon Musk if you read this, you currently risk a GDPR fine of more than 5.4 million violations, so imagine a fine for an infringement affecting 400 million users. Your best option to avoid paying $276 million in fines for GDPR violations like Facebook did (because of 533 million affected users) is to buy that data exclusively.”
The hacker explains that he had access to this data after finding different flaws in the security of the social network. This is not the first time this year that Twitter has been the victim of a data theft. Last July, the personal data of 5.4 million users was leaked and was on sale for $30,000. It is to this story that the hacker refers in his message.
But according to Alon Gal, co-founder and chief technical officer of cybercrime intelligence firm Hudson Rock, the leak has nothing to do with the 5.4 million Twitter accounts stolen earlier this year. The sample of 1,000 accounts revealed does not show enough similarities with the 5.4 million accounts. On the other hand, this new leak seems perfectly credible, even if Alon Gal does not confirm the figure of 400 million stolen accounts.
Another case that Twitter and its new CEO would certainly have liked to do without… While waiting for the next one, most certainly.
Source : Security Affairs