Over 400 million Twitter users’ data containing private emails and linked phone numbers have reportedly been up for sale on the dark web. This includes data on accounts held by the World Health Organization (WHO), National Aeronautics and Space Administration (NASA), the Indian Ministry of Information and Broadcasting as well as data from accounts of several well-known personalities and celebrities from across the globe.
The hacker, according to a report by Israeli cyber intelligence firm Hudson Rock, used a male avatar and goes by the handle ‘Ryushi’. They have also offered a deal and as proof, and leaked data like mobile numbers, e-mails, number of followers etc. attached to accounts. The hacker threatened new Twitter-owner Musk to take his/her deal so that the platform can avoid a fine by EU, though experts have pointed out that EU fines under the General Data Protection Regulations (GDPR) aren't levied on companies for being breached, but for not reporting breaches on time.
To be sure, this is not the first instance of data leak on Twitter. In July, personal data of about 5.4 million or 54 lakh users of Twitter was made available for sale online by a hacker group called Ryushi. Twitter confirmed that breach in August, saying that it had learned about the flaw in January via its bug bounty program and immediately fixed it. The company hasn't yet provided a statement on the new breach.
The Data Protection Commission (DPC) of Ireland is investigating the August incident. On December 23, the authority said that Twitter violated provisions of the GDPR. The Iriish regulator had fined fined Meta €265 million over a data breach of more than half a billion social media users in November. According to a Bloomberg report, the agency is intensifying a probe into whether Twitter is complying with the order, especially given the exodus of senior legal, privacy and compliance executives.
If verified, the data breach may be a blow to Twitter and its new chief executive, who has said that he will step down from the CEO role at the social media network once he finds a suitable replacement, after a recent poll.