Twitter Hacked: Data Of 400 mn Users Up For Sale, Sundar Pichai and Salman Khan On The List

NEW DELHI: Twitter faces a major security scare as a hacker claims to have accessed personal data of over 400 million users, including high-profile names like Sundar Pichai, CEO of Google, Bollywood actor Salman Khan, Donald Trump Jr., Steve Wozniak, and singer Charlie Puth. The hacker, known online as Ryushi, shared sample data to substantiate the claim.

The alleged breach reportedly includes emails and phone numbers, with the hacker demanding that Twitter or CEO Elon Musk purchase the data to avoid potential fines under the European Union’s General Data Protection Regulation (GDPR). Such fines could reportedly reach up to USD 276 million, similar to penalties faced by other tech companies for large-scale data leaks.

In a message posted online, Ryushi stated:
“Twitter or Elon Musk, if you are reading this, you are already risking a GDPR fine over the 5.4 million user breach. Imagine the fine for a 400 million user breach. Your best option to avoid paying $276 million is to buy this data exclusively.”

Cybersecurity experts have verified portions of the leaked data. Alon Gal, co-founder and chief technology officer at Israel-based cybercrime intelligence firm Hudson Rock, confirmed that the data checked by third parties appears genuine. According to Gal, the breach likely exploited a flaw in Twitter’s API, enabling the hacker to query any email or phone number and retrieve associated Twitter profiles.

This revelation comes in the wake of an ongoing investigation by the Irish Data Protection Commission (DPC) into a previous Twitter data leak affecting 5.4 million users. That earlier incident exposed email addresses, phone numbers, and Twitter handles, highlighting ongoing vulnerabilities in the platform’s data protection measures.

Twitter has yet to issue an official statement on the 400-million-user breach. The incident raises fresh concerns over the social media platform’s ability to safeguard sensitive user information and maintain compliance with global privacy regulations.