Hacker Steals Personal Data of 40 Crore Twitter Users, Puts It Up For Sale On Dark Web

All is not well for Twitter, especially since billionaire Elon Musk bought the social media platform this year. The latest report suggests that a hacker has stolen the personal data of nearly 40 crores Twitter users, including that of Google CEO Sundar Pichai and Bollywood actor Salman Khan.

All the personal data is reportedly put up for sale on the dark web.

A report from the Israeli cyber intelligence company Hudson Rock reveals that data of Twitter users put up for sale on the dark web contains personal details like name, email, username, and followers. In some cases, data also include phone numbers. Earlier too, hackers accessed the data of crores of Twitter users, but this is perhaps the biggest of all time.

A couple of months back, over 5.4 million Twitter users’ data was leaked. The Irish Data Protection Commission (DPC) recently announced an investigation into a past data leak.

This time, an anonymous hacker posted a sample of data on one of the hacker forums. The sample data revealed the kind of details that are put up for sale on the dark web. It also revealed that some high-profile accounts have also been compromised. Some of these high-profile account holders include

SpaceX, CBS Media, Donald Trump Jr., Sundar Pichai, Salman Khan, NASA’s JWST account, NBA, Ministry of Information and Broadcasting, India, and the social media of WHO.

Hudson Rock report said that the hacker may have accessed the personal details of crores of Twitter users due to an API vulnerability. The bug may have led to the hacker accessing personal details like email IDs and phone numbers of crores of Twitter accounts.

Screenshots of the hacker’s post shared by Hudson Rock show that the hacker wrote, “Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively.”

The hacker also said that he is open to “dealing” going through a middleman. “After that, I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from phishing, crypto scams, sim swapping, doxing and other things that will make your users lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on Twitter that will for sure make them ghost the platform and ruin your dream of Twitter video sharing platform for content creators. Also, since you made the mistake of changing twitter policy that got an immense backlash,” the hacker said.

Alon Gal, co-Founder and CTO of Hudson Rock, posted on LinkedIn that “the data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email/phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta.”

Currently, neither Twitter nor Elon Musk has confirmed the data leak. The Irish Data Protection Commission (DPC) is currently investigating a past data leak that reportedly compromised over 5 million Twitter profiles.