Elon Musk doesn’t seem to care too much but Ireland’s privacy regulator has already announced it would examine a recently disclosed – yet unconfirmed – data breach at Twitter that might have affected around 400 million users.
Ireland’s privacy watchdog, the Data Protection Commission (DPC), said it “will examine Twitter’s compliance with data-protection law in relation to that security issue” – a claim by the hacker “Ryushi”, who says he has stolen private details linked to more than 400 million Twitter accounts.
An ad on a hacking forum recently said that the stolen dataset included Twitter handles, usernames, email addresses, phone numbers, follower count, and other information. The aim appears to be to sell all this for at least $50,000; however, the data was also offered directly to Elon Musk, Twitter’s CEO, for $200,000.
Neither Musk nor Twitter has reacted to the claimed breach, which the Israeli cyber-crime intelligence company Hudson Rock says looks authentic. The firm’s researchers checked the samples published by the hacker and called the data “legitimate.”
A lot of celebrities and politicians appeared in the published samples of leaked phone numbers and emails, including Piers Morgan, a British media personality, US politician Alexandria Ocasio-Cortez, basketball star Stephen Curry, and others.
It remains to be seen if the social media company will cooperate with the authorities in Ireland, yet it seems Dublin is taking the news seriously – and not for the first time. DPC is already investigating Twitter over a previous breach.
That’s because someone already attempted to sell the email addresses and phone numbers of 5.4 million Twitter users on the dark web. On December 23, DPC said it was launching a probe into the platform’s response to the incident, and is now indicating the scope of the inquiry will expand.
Twitter earlier admitted vulnerabilities in its API (Application Programming Interface) systems, and as of today, no one has been able to confirm for sure how many users had been caught up in the exploit.
“Reports have claimed that some additional datasets have now been offered for sale on the dark web,” the regulator said in a statement to the BBC, the British public broadcaster. “The DPC has engaged with Twitter in this inquiry and will examine Twitter’s compliance with data-protection law in relation to that security issue.”
DPC earlier also sought information from Twitter about the potential impact of the company’s recent layoffs on its ability to meet privacy obligations. The layoffs affected more than half of Twitter’s workforce, including members of its policy, safety and privacy teams.
In the case of the latest breach, it’s clear that the hacker is perfectly aware of how damaging the loss of data could be for Twitter. In his post on a hacking forum, the threat actor specifically pointed out that the company is already facing repercussions from European authorities.
The Irish privacy watchdog is responsible for supervising Twitter’s privacy practices because the firm’s European Union head office is located in Ireland.
DPC also oversees many other major tech firms that maintain their EU offices in Ireland, including Meta. Facebook’s parent company was fined €265m ($277m) by DPC over a leak that exposed hundreds of millions of user records.