The attacker claims that he received data on 400,000,000 Twitter users and put them up for sale. The seller provided a sample of 1000 accounts as evidence of the reliability of the database, which includes personal information of famous personalities, such as Donald Trump Jr., Vitaly Butaterin, Brian Krebs and others.
A seller named Ryushi, claims that the data was collected using a vulnerability. They include:
- users’ names;
- emails;
- numbers of celebrities, politicians, companies, ordinary users.
The seller also offers Twitter and Ilon Mask to buy data to avoid lawsuits GDPR.
“Twitter or Elon Musk, if you read this, you already risk getting a fine of GDPR for 5.4 million violations that imply a fine for a data leak of 400 million users. Your best way to avoid paying a fine of $ 276 million (as This was done by Meta*). For violation of GDPR, it is to buy this data, ”said Ryushi.
The seller also said that the sale is accompanied by a conditional deposit service offered by the Breached forum administrator under the nickname “ pompompurin “.
“”.
Probably, the data were obtained due to vulnerabilities of the API , which allows the threat to ask any email address/phone and receive Twitter profile “, – explained Alon Gal, the co -founder of the threat analysis Hudson Rock.
November 28 this year, DPC accused Meta* Platforms Ireland Ltd. (Mpil) in violation of the GDPR rules – the company did not provide “default data protection.” As a result of the leak, the attacker was able to explicit the personal data of 533 million users. The commission fined Meta* by $ 275 million, and also demanded to take measures to increase cybersecurity.
*META and the company’s products (Instagram and Facebook) are recognized as extremist organizations; Their activities are prohibited in the Russian Federation.