Security News > 2022 > December > Stolen info on 400m+ Twitter accounts seemingly up for sale

A miscreant this Christmas weekend said they are willing to sell public and private info on more than 400 million Twitter accounts.

The records were apparently scraped in 2021 via a security flaw fixed earlier this year in a backend API that the Twitter Android app used.

The Irish Data Protection Commission is still probing that earlier snafu - and specifically, that the hole was used to obtain data on at least 5.4 million Twitter users worldwide - which may make the biz regret having an Emerald Isle office.

Posting to the Breached cybercrime forum last Friday, someone calling themselves Ryushi claimed to obtained data on 400 million-plus accounts, seemingly via the API vulnerability, and is putting it up for sale.

In a poorly worded threat, and a very unwelcome Christmas gift for Twitter boss Elon Musk, the miscreant suggested the billionaire cough up the cash or risk fat fines for allowing even more information to leak out.

"Twitter or Elon Musk if you are reading this, you are already risking a GDPR fine over 5.4m breach, imaging [sic] the fine of 400m users breach source," the scumbag wrote.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/27/twitter_hack_morgan/