BleepingComputer reports that more than 400 million Twitter users' public and private data scraped last year is being sold by a threat actor dubbed 'Ryushi' on the Breached hacking forum for $200,000.
Ryushi claimed to have acquired the data through the exploitation of an API vulnerability, which has since been fixed by Twitter, while warning Twitter and Elon Musk to purchase the data before being fined under the GDPR. "I gained access by same exploit used for 5.4m data leak already. Spoke with the seller of it and he confirmed it was in twitter login flow," said Ryushi. Data from 37 politicians, government agencies, corporations, and celebrities including Alexandria Ocasio-Cortez, Donald Trump Jr., Kevin O'Leary, Piers Morgan, and Mark Cuban have been initially leaked by Ryushi, who later exposed a sample of 1,000 Twitter user profiles, which include user's names, usernames, email addresses, phone numbers, account creation date, and follower count. Should the exclusive purchase of $200,000 not be made, Ryushi said that they will be selling copies worth $60,000 to various individuals.
Over 400M Twitter users’ data claimed to be on sale in the dark web
More than 400 million Twitter users' public and private data scraped last year is being sold by a threat actor dubbed 'Ryushi' on the Breached hacking forum for $200,000.
Both iOS and Android devices have been targeted with attacks involving the fake app dubbed "SB-INT," which lured victims into manually trusting the Enterprise developer profile before triggering the registration process that would seek additional information from victims.