Twitter in data-protection probe after ‘400 million’ user details up for sale
Image credit: BBC
A watchdog will look into Twitter after a hacker claimed to have access to personal information for more than 400 million accounts.
The hacker “Ryushi” is demanding $200,000 (£166,000) to hand over the data and delete it. The data reportedly includes that of some celebrities.
According to The Guardian, a hacker uploaded a sample of data that includes information about US Representative Alexandria Ocasio-Cortez. It is also rumoured that the data of presenter Piers Morgan, whose Twitter account was recently compromised, is included.
Although the hack, as Mr Krebs writes, certainly occurred before the Tesla CEO took charge, chief executive Elon Musk did not respond to a Twitter request for comment from renowned cyber-security reporter Brian Krebs.
The cybercrime intelligence firm Hudson Rock claims to have been the first to sound the alarm on the selling of data.
Alon Gal, the company’s chief technology officer, told me that a number of indicators appeared to confirm the hacker’s claim, even though the volume of data seized had not been validated.
According to “Ryushi,” the data was compiled by taking advantage of a flaw in a system that allows computer programmes to interact with Twitter.
In 2022, Twitter made the system’s flaws permanent. However, it is also thought that the issue was exploited in the earlier breach, which affected more than five million accounts.
On December 23, the DPC declared that it was looking into the earlier breach.
Dublin serves as the location of Twitter’s European headquarters, so the commission is the primary body ensuring that it complies with EU data protection laws.
The hacker is aware of the harm that losing data to platforms can cause.
Twitter is cautioned in the web post offering to sell the data that doing so will give it the best chance to avoid paying a large fee for data protection.
After data from more than 533 million Facebook users were scraped and posted online in November, Meta was penalised by the DPC with a 265 million euro ($276 million) fine.