400 million Twitter users getting sold over compromised dark web hacking forums. You can make an exclusive purchase for $200,000 or buy numerous copies at $60,000 a pop...

Continue reading
A threat actor named Ryushi is reportedly selling the data of 400+ million unique Twitter users on the Breached hacking forum. Ryushi claims to have collected the data using a now-fixed API vulnerability and is offering the data for an exclusive purchase of $200,000. If no exclusive purchase is made, Ryushi will reportedly sell copies of the data to multiple buyers for $60,000 per sale. The data being sold includes public and private information of users, such as email addresses, names, usernames, follower count, creation date, and phone numbers. Ryushi has linked to a forum post explaining how the data could be used for phishing attacks, crypto scams, and BEC attacks.
Threat Actor Ryushi claimed to have collected the data of 400+ million unique Twitter users using a now-fixed API vulnerability. The forum post includes sample data for 37 celebrities, politicians, journalists, corporations, and government agencies, including Alexandria Ocasio-Cortez, Donald Trump Jr., Mark Cuba, Kevin O'Leary, and Piers Morgan. A larger sample of 1,000 Twitter user profiles was later leaked. Ryushi told Secure Blink that they are attempting to sell the data exclusively to a single person/Twitter for $200,000 and will then delete the data. If an exclusive purchase is not made, they will sell copies to multiple people for $60,000 per sale.

*Twitter Data on Breached Hacking Forum*
The data being sold includes private information of users, such as email addresses and phone numbers. While almost all this data is publicly accessible to any Twitter user, phone numbers and email addresses are private information. The leaked user profiles contain public and private Twitter data, including users' email addresses, names, usernames, follower count, creation date, and phone numbers. Although all the leaked profiles appear to have email addresses associated with them, many do not have phone numbers. The threat actor Ryushi also linked to a post explaining how other threat actors for phishing attacks, crypto scams, and BEC attacks could abuse this data.
The threat actor Ryushi confirmed to Secure Blink that they collected the private phone numbers and email addresses using an API vulnerability that Twitter fixed in January 2022 and was previously associated with a 5.4 million user data breach. This vulnerability allowed a person to feed large lists of phone numbers and email addresses into a Twitter API and receive an associated Twitter user ID. The threat actor then used this ID with another IP to retrieve the public profile data for the users, building a Twitter user profile consisting of public and private data.
While it is not currently possible to thoroughly verify that the database contains data on 400 million users, Alon Gal of threat intelligence company Hudson Rock has stated that the leaked samples appear legitimate. Twitter has not yet commented on the alleged data breach.
It is important to regularly update your social media privacy settings and be cautious of any suspicious activity or unfamiliar communications. Use strong, unique passwords for all your accounts and enable two-factor authentication when possible. Be wary of any unexpected or unsolicited communications, and do not click on unfamiliar links or download attachments from unknown sources. Consider using a reputable security solution to protect your devices and personal information.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been