DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Vendor Claims to Have Scraped 400M Twitter User Records (with UPDATE 1)

Posted on December 26, 2022 by Dissent

Perhaps the top story this past week involves a sales offering on a popular hacking-related forum. The seller, who first joined the forum in December, has listed information on 400 million Twitter users for sale.  No price is specified in the listing.

The data, that were allegedly scraped due to a vulnerability, include email, name, username, follower_count, creation_date, and phone_number. The seller provides a sample on the forum that involves well-known individuals.

Listing on forum offers to sell information of 400 million Twitter users

And then they provide an option for Twitter or Elon Musk to buy the data from them:

Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source
Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively,
Which can go through the official owner middle man on here @pompompurin or admin @Baphomet after that I will delete this thread and will not sell this data again.
And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users
aLose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash
From content creators this is a sensitive time, which will make things far worse and if you are unsure just run a poll on twitter like usual and people will choose their fate, because at the end of the
Day it’s the company’s fault that this data was breached.

So far, no one has challenged the accuracy of the sample of well-known users, and that may be significant.

Of note, the scraping is not current. It appears to be part of a scraping incident previously addressed and disclosed by Twitter. At the time, Twitter wrote:

We will be directly notifying the account owners we can confirm were affected by this issue. We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors.

So Twitter had no idea that 400 million users had been affected?

On December 23, the day the sales listing appeared, the Irish DPC issued a statement that it was launching an investigation into earlier claims about 5.4 million Twitter users’ data being available on the internet after the scraping incident mentioned above. If the DPC is seeing the 5.4 million breach as a potentially finable offense, the seller is using that as leverage to try to get Musk and Twitter to pay to buy the data exclusively.

Of course, even if Musk or Twitter were to buy the data exclusively, the word of a criminal cannot be trusted, and the DPC might still take action against Twitter, as might the FTC.

But for now, it’s important to note that there has been no response from Twitter either confirming or denying that the data are real.

Update December 27: There is still no response from Twitter, but Lawrence Abrams of Bleeping Computer has a report that involves more information provided by Ryushi. According to the seller’s statements to Abrams, the scraped data was combined with another IP address to obtain more public info on individuals to create the profiles. So these data are presumably not from a single scrape or just Twitter but represent a combination of sources.  Read more at BleepingComputer.

Related posts:

  • DCLeaks was a conspiracy to get Trump elected, but wait until you hear these Russian hackers’ motivation!
  • A 2020 Data Breach That Continues To Remain An Unsolved Mystery
  • Data Protection Commission announces decision in Twitter inquiry
Category: Business SectorOther

Post navigation

← Cyber attacks set to become ‘uninsurable’, says Zurich chief
Cyber insurers “missing” key nuances in their underwriting strategies →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.