Personal data of 40 crore Twitter users including Sundar Pichai, actor Salman Khan up for sale on dark web

The report reveals data of Twitter users put up for sale on the dark web containing personal details such as — email, name, username, followers, and in some cases also phone numbers.

By Sneha Saha: The year 2022 has been an eventful one for Twitter. While not everything is going well at the Elon Musk-headed company, there’s more trouble coming for the firm. One of the latest reports suggests that a hacker has stolen personal data of nearly 40 crore users, including that of Google CEO Sundar Pichai and Bollywood actor Salman Khan. All the personal data is reportedly put up for sale on the dark web.

A report coming from Israeli cyber intelligence company Hudson Rock reveals that data of Twitter users put up for sale on the dark web contains personal details such as — email, name, username, followers, and in some cases also phone numbers. This isn’t the first time that hackers have accessed data of crores of Twitter users, but it is surely the biggest of all time. To recall, a couple of months ago, over 5.4 million Twitter user data was leaked. The Irish Data Protection Commission (DPC) recently announced an investigation into a past data leak.

Biggest Twitter leak

Coming to the latest leak, the anonymous hacker has posted a sample of data on one of the hacker forums. The sample data showed the kind of details that are put up for sale on the dark web. It also revealed that in the leak some high-profile accounts have also been compromised. Some of these high-profile account holders include —

– Alexandria Ocasio-Cortez

– SpaceX

– CBS Media

– Donald Trump Jr.

– Doja Cat

– Charlie Puth

– Sundar Pichai

– Salman Khan

– NASA’s JWST account

– NBA

– Ministry of Information and Broadcasting, India

– Shawn Mendes

– Social Media of WHO

Hudson Rock said that the hacker may have been able to access the personal details of crores of Twitter users due to an API vulnerability. The bug may have led to the hacker accessing personal details like email IDs and phone numbers of crores of Twitter accounts. Hudson Rock shared screenshots of the hacker’s post on the dark web.

In the post, the hacker wrote, “Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively.”

The hacker also said that he is open to “deal” going through a middleman. “After that I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash,” the hacker said as the screenshot posted by Hudson Rock shows.

Alon Gal, co-Founder and CTO of Hudson Rock, posted on LinkedIn that “the data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email / phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta.”

Currently, neither Twitter nor Elon Musk have confirmed the data leak. The Irish Data Protection Commission (DPC) is currently investigating a past data leak that reportedly compromised over 5 million Twitter profiles.