In a major threat to Elon Musk-led social media platform Twitter, hackers have allegedly stolen the data of around 40 crore Twitter users and have put it on sale on the dark web. The stolen database contains information, including emails, and phone numbers of high-profile users, politicians, and companies including Google CEO Sundar Pichai, Bollywood actor Salman Khan, Kevin O'Leary, Vitalik Buterin, among others, a report by Israeli cyber intelligence company Hudson Rock said.
"Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter user's data. The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more," the cybercrime intelligence company shared on Twitter.
The data was allegedly obtained in early 2022 due to a vulnerability in Twitter. The hacker also attempted to "extort Elon Musk" to buy the data or face General Data Protection Regulation (GDPR) lawsuits in the US. "In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort @ElonMusk to buy the data or face GDPR lawsuits."
The intelligence firm said at this stage, however, it is not possible to fully verify that there are indeed 400,000,000 users in the database. "From an independent verification, the data itself appears to be legitimate and we will follow up with any developments."
The cybercrime intelligence company also shared a screenshot purportedly from the hacker, bearing the name "God", saying he's selling data of over 400 million unique Twitter users that were scraped via a vulnerability. "This data is completely private," the post said.
Addressing Musk, the post said his company is already risking a "GDPR fine”. The hacker threatened that the best option to avoid paying $276 million in GDPR breach fines like Facebook did (due to 533 million users being scraped) is to buy this data "exclusively".
"Which (the payment) can go through the official owner middleman...after that, I will delete this thread and will not sell this data again," the hacker said, adding the data will not be sold to anyone else, which will prevent a lot of celebrities and politicians from phishing, crypto scams, sim swapping, and doing.
For content creators, this is a sensitive time, which will make things far worse, claims the hacker. He told Musk that if he's unsure, "run a poll on Twitter like usual and people will choose their fate because, at the end of the day, it's the company's fault that this data was breached".
Examples of Twitter accounts whose data was breached include Alexandria Ocasio-Cortez, American politician and activist, Google CEO Sundar Pichai, Musk's space company SpaceX, Hollywood singer Dojacat, US businessman Donald Trump Jr, singer Charlie Puth, Kevin O'Leary, Ministry of Information & Broadcasting (MIB), India, World Health Organisation (WHO), businessman Mark Cuban, Apple co-founder Steve Wozniak, among others.
Twitter is having a roller coaster ride under Musk's reign, with half of its workforce fired and many of its policy decisions facing roadblocks. Musk's constant involvement in Twitter is also hurting the stock value of his other company, Tesla Inc, whose value has eroded by over 58% since Musk disclosed his stake in Twitter. Amid the chaos, Musk last week announced that he'll resign as the CEO of Twitter as soon as he finds his replacement. He also ran a poll on Twitter, in which about 57.5% of users voted in the favour of his resigning from his position at Twitter.