:strip_exif()/i/2005532252.jpeg?fit=%2C&ssl=1)
A hacker claims to have stolen the private data of 400 million Twitter users through a bug in an API. The hacker sells the data on a forum after fixing the API bug.
The hacker, who calls himself Ryushi, posted the data online at BreachForums. He or she claims that this is data from 400 million unique Twitter users. The datasets include the email addresses and phone numbers of those users, along with their username and other public information like follower counts. Ryushi shares a few examples of well-known users, including politicians, corporate executives, and influencers like Linus from Linus’ Tech Tips.
Ryushi says the data was pulled from an API. That API bug should have been fixed by now. Says the hacker against the computer that beeps which was the same bug as before 5.4 million user data leaked. This was possible through a bug in the Android client that allows the attacker to make a POST request to Twitter’s onboarding API. That vulnerability has since been closed, but there have already been several hacking groups exploiting the bug and stealing data. However, it has never had as many users as now.
The hacker wants to sell the data through an intermediary on BreachForums. Ryushi says he wants $200,000 for the data. With such exclusive sale, the data will subsequently be removed from the forum. If not, the hacker wants $60,000 for non-exclusive purchase. Ryushi says she went on Twitter to make a deal, but she wasn’t listened to.
