Twitter has been in turmoil ever since Tesla CEO Elon Musk took control of the social media platform in a deal worth $44 billion (roughly Rs. 3,64,000 crore) in October. Mass layoffs at the company, major policy changes, and concerns about platform regulation have followed. Now, Twitter could be facing a massive data breach that could threaten private information of users. According to a report, data of 40 crore Twitter users, including prominent public figures like American politician Alexandria Ocasio-Cortez and Google CEO Sundar Pichai, has been put up for sale. Furthermore, the individual behind the breach is also reportedly attempting to extort Twitter CEO Elon Musk to buy the data.
According to cybersecurity firm Hudson Rock, which first spotted the breach, private data of over 40 crore individuals has been obtained by a “threat actor” and is now up for sale. The database includes sensitive information like emails and phone numbers.
In their tweets, the firm explained that the individual responsible for the breach is “credible” and claims to have procured the data in early 2022 by exploiting a vulnerability in Twitter. The threat actor has also provided a sample of the data, revealing private information of high-profile individuals like Donald Trump Jr., Sundar Pichai, and Alexandria Ocasio-Cortez.
Hudson Rock posted a screengrab of the data breach post from the hacker, that was published on December 23. The individual appears to be extorting Twitter CEO Elon Musk over the leak. “Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively.”
The claims of the threat actor are not yet verified, but Hudson Rock said that the breached data seems to be legitimate.
This is not the first data breach Twitter has faced. In August, Twitter data of 5.4 million users went up on sale online. Twitter had confirmed that the impact of the breach was global. Last week Meta agreed to pay $725 million (roughly Rs. 6,000 crore) to resolve a class-action lawsuit accusing the company of allowing third parties to access personal information of users.