On Breached, hackers put up for sale a database with information on 400 million unique Twitter users.
A seller named Ryushi claims that the data was collected as a result of parsing using an already fixed API vulnerability, offering an exclusive sale for $200,000.
Earlier in January 2022, thanks to the same vulnerability, other attackers managed to extract information on 5.4 million users, as well as 17 million. However, the last leak remained in private and was not sold.
As proof of the involvement of the database, Seller provided a sample including about 1,000 accounts, as well as specific examples of data from 37 celebrities, politicians, journalists, corporate executives and government agencies, including Alexandria Ocasio-Cortez, Donald Trump Jr., Mark Cuba, Kevin O'Leary and Piers Morgan.
According to Hudson Rock, at first glance, the proofs seem reliable, but it is impossible to fully assume the legitimacy of the entire base at this stage.
The user profiles contained in the database contain publicly available and confidential data from Twitter, including users' email addresses, installation data, number of subscribers, creation date and phone numbers.
The seller said that the transaction is covered by the escrow service offered by the administrators of the Breached forum, in particular, the notorious pompompurin.
After the sale, hackers promise to delete the data. In case of refusal of the exclusive purchase, the database will be sold in copies to several buyers for $ 60,000.
Hackers approached Elon Musk with an offer to purchase data before it leads to a large fine of $ 276 million in accordance with the European privacy law GDPR, and also referred to a message that reflects the main ways to further compromise user information for fraudulent purposes.
At the same time, as the hackers themselves admit, all attempts to get in touch with Twitter failed. The company has not commented on the incident yet.
But we will see.