He claims to have obtained this by exploiting a vulnerability in the Twitter platform – which the company fixed earlier this year. Selling the dump, the threat actor warned Elon Musk and his company to purchase it directly from his and delete the thing for good!
Selling the PII of Twitter Users
Amidst the havoc that Elon Musk is creating at Twitter, the company is facing yet another blow in the form of a new security incident. On Monday, someone at the Breached hacking forum is selling a dump of 400+ million Twitter users’ data for $60,000 a copy! Talking to BleepingComputer, the threat actor said he obtained this data by scraping from the now-fixed API bug – that led to many data breaches at Twitter since last year. Though Twitter patched this bug in January this year, the threat actor may have exploited it earlier to get this data. Also, he claims to have informed Twitter and Elon Musk before posting this dump but didn’t get any response from them. Thus, he shared the samples of several celebrities, politicians, journalists, corporations, and government agencies like Alexandria Ocasio-Cortez, Donald Trump JR, Mark Cuban, Kevin O’Leary, and Piers Morgan. Further, he shared a larger sample of 1,000 Twitter user profiles and warned Elon Musk to buy the dump exclusively by paying $200,000 and avoid paying fine to the GDPR, which can amount to hundreds of millions. To ramp up his force, the threat actor even shared a link to a post explaining how this data could be abused by others for phishing attacks, crypto scams, and BEC attacks. The leaked data includes both public and private Twitter information, like the users’ email addresses, names, usernames, follower count, creation date, and phone numbers. Though all the data fields have email addresses, many are not having phone numbers associated with their accounts. Yet, email addresses are enough to be exploited, as they’re private information.