A threat actor is claiming they have obtained data of 400,000,000 Twitter users and is offering it for sale.

A threat actor claims they have obtained data of 400,000,000 Twitter users and is attempting to sell it.

The seller claims the database is private, he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more.

The seller, a member of data breach forums named Ryushi, claims the data was scraped via a vulnerability, it includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of OG and special usernames.

The seller is also inviting Twitter and Elon Musk to buy the data to avoid GDPR lawsuits.

“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively.” reads the advertising.

The seller also announced that the sale is covered by the escrow service offered by the Breached forum administrators (pompompurin).

At this time is it not possible to verify the claims of the seller.

Ireland’s Data Protection Commission on Friday opened a probe into Twitter over an August data breach that has reportedly impacted 5.4 million Twitter users.

“The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email / phone and retrieve a Twitter profile (https://lnkd.in/dMsWwiJa), this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta.” explained Alon Gal, co-Founder of threat intelligence firm Hudson Rock.

Update December 26, 2022

Alon Gal reported that Twitter placed a “readers context” in which they attribute the 400,000,0000 Twitter user database to the August data leak impacting 5,400,000 users, but according to the expert it is false.

“This is easily disproved by comparing the samples in the new leak to the older 5.4m version which had already been leaked publicly.” Gal explained. “250 out of 1000 are found. (the count would have been lower had it been a sample of non-verified accounts) I can’t share some sensitive information I have, but as time goes on I am more confident this is a 400,000,000 users leak, and as always, it will unfortunately leak to the hands of every hacker for free.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]