Twitter data leak - 400 million user details up for sale

Threat actors are allegedly selling data of 400 million Twitter users, including celebrities, businesses, and government organizations.

Hours before Christmas, threat actors posted an ad on a well-known hacker forum, claiming they were selling the data of over 400 million Twitter users.

The dataset includes Twitter handles, usernames, email addresses, and phone numbers. People behind the leak claim they are willing to sell the data for $50,000.

According to the post on the hacker forum, the data scrape was possible due to an unnamed ‘vulnerability.’ Data leaks of such scale are often possible due to system flaws that allow harvesting information at scale, a practice known as ‘scraping.’

Twitter data leak
Ad announcing the leak. Image by Cybernews.

The author of the post shared two samples of the supposedly scraped data. One of the samples includes personal details that allegedly belongs to globally recognized politicians, athletes, international organizations, and US government institutions.

Threat actors selling the leak directly addressed Twitter’s CEO Elon Musk, pointing out that his company is already facing repercussions from European authorities for leaking data of 5.4m users in July.

On December 23, Ireland’s Data Protection Commission launched a probe into Twitter over July’s data breach. A data leak affecting 400m Twitter users would fuel a smoldering fire surrounding Musk’s company’s data security practices.

The post’s author noted that Meta, Facebook’s parent company, was fined €265m ($277m) by Ireland’s data privacy regulator over a leak that exposed hundreds of millions of user records.

“Just imagine famous content creators and influencers getting hacked on Twitter that will for sure make them ghost the platform and ruin your dream,” the threat actor selling the data said.

Cybernews reached out to Twitter but received no immediate response. We will update the article as soon as we learn more.

The Twitter scrape would mark a second major leak in two months if confirmed. On November 16, a threat actor posted an ad, selling a 2022 database of 487 million WhatsApp user mobile numbers. A data sample investigated by Cybernews likely confirms this to be true.

Leaked phone numbers and email addresses pose significant dangers to their owners. Threat actors could use the data to carry out phishing attacks, impersonation, and fraud.

  • To prevent consequences of personal data leaks, such as phishing or malware attacks, regular users should adopt common cybersecurity measures. This includes a reliable antivirus that blocks various cyberthreats, such as TotalAV. And for online privacy, consider looking at the the best VPN services on the market that encrypt your data. For instance, we recommend NordVPN.