A watchdog is looking into Twitter after a hacker claimed to have private information linked to over 400 million accounts. The hacker, known as “Ryushi,” is demanding $200,000 to hand over the data and delete it. The data is said to include some celebrities’ information.
Ireland’s Data Protection Commission (DPC) says it “will examine Twitter’s compliance with data-protection law in relation to that security issue”.
Twitter has not responded to the claim.
The data is said to include phone numbers and emails, including those of celebrities and politicians, but the size of the alleged haul has not been confirmed. So far, only a small “sample” has been made public.
According to previous reports, data from US Congresswoman Alexandria Ocasio-Cortez was included in the hacker’s sample of data. The data of broadcaster Piers Morgan, whose Twitter account was recently hacked, is also said to be included.
So far, Twitter has not responded to press inquiries about the alleged breach.
Elon Musk, the CEO of Tesla, did not respond to a tweet from leading cyber-security reporter Brian Krebs, despite the fact that the breach, as Mr Krebs points out, most likely occurred before Musk took over.
Hudson Rock, a cyber-crime intelligence firm, claims to have been the first to report the data sale.
While the amount of data taken had not been verified, Alon Gal, the firm’s chief technology officer, told the BBC that a number of clues appeared to support the hacker’s claim.
According to Gal, the data did not appear to have been copied from an earlier breach in which details from 5.4 million Twitter accounts were published.
Only 60 of the 1,000 emails in the sample provided by the hacker were found in the data from the previous incident, “so we are confident that this breach is different and significantly larger,” he said.
“The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings,” Gal noted.
An escrow service is a third party that agrees to release funds only when certain conditions are met (such as data transfer).
“Ryushi” has said that it compiled the data by exploiting a problem with a system that lets computer programmes connect with Twitter.
In 2022, Twitter addressed the system flaw. However, the flaw is also thought to have been used in the previous breach, which affected over five million accounts.
On December 23, the DPC announced that it was looking into the earlier breach.
Because Twitter’s European headquarters are in Dublin, the commission is the primary authority overseeing the company’s adherence to EU data-protection regulations.
“Reports have claimed that some additional datasets have now been offered for sale on the dark web,” the DPC said in a statement about the latest incident.
“The DPC has engaged with Twitter in this inquiry and will examine Twitter’s compliance with data-protection law in relation to that security issue.”
The hacker understands how damaging data loss can be for platforms.
In the online post offering to sell the data, it warns Twitter that buying back the data “exclusively” is its best chance of avoiding a large data-protection fine.
The DPC fined Meta 265 million euros ($276 million) in November after data scraped from more than 533 million Facebook users was leaked online.
(Adapted from BBC.com)