Twitter data of 40 crore users including actor Salman Khan, Google CEO Sundar Pichai, SpaceX, and Donald Trump Junior is likely to be on sale on the dark web, Israeli cyber intelligence company Hudson Rock stated in a report. This may be the micro-blogging site's largest data leak.
"The private database contains devastating amounts of information including emails and phone numbers of high profile users," the report stated.
A screenshot of put up by the seller on the dark web allegedly reads: "I am selling data of +400 million unique Twitter users that was scrapped via a vulnerability, this data is completely private. And it included emails and phone numbers of celebrities, politicians, companies, normal people, and a lot of OG and special usernames."
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1 — Hudson Rock (@RockHudsonRock) December 24, 2022
The hacker also had a message for Twitter and Elon Musk.
"Twitter or Elon Musk, if you are reading this post, you are already at risk of GDPR fines for the data leak of over 54 million users. Now fines for data leak of 400 million users. Your best option to avoid paying $2.76 million in CDPR breach fines like Facebook did (due to 533 million users being scraped) is to buy this data exclusively, the post read.
Other high-profile users mentioned in the hacker's post include pop stars Charlie Puth and Shawn Mendes, rapper Doja Cat, politician Alexandria Ocasio-Cortez and Donald Trump Jr, former Spanish footballer Gerard Pique, CBS Media, and Ministry of Information and Broadcasting, India.
Responding to the apparent data leak, Alon Gal, co-founder, and CTO of Hudson Rock, wrote on LinkedIn, "They claim this data was obtained up to early 2022 due to an exploit in Twitter and in their post they talk directly to Elon Musk asking him to buy the data to avoid GDPR lawsuits."
"The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email/phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta."
Read more: Salman Khan birthday: Shah Rukh Khan hugs actor at party. Video
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
