Hackers ‘GDPR’ threat to Elon Musk: We have data of 400 million Twitter users – Times of India

A hacker has claimed that he has obtained the data of 400 million Twitter users and is asking the company CEO Elon Musk to buy it so that he can avoid a fine from the EU for GDPR data breach. The threat actor has also provided a sample of data as a proof and claims that it includes emails as well as phone numbers of celebrities, politicians, among others.
How did the hacker get private data
The seller, who is reported to be a member of data breach forums named Ryushi, claims that he/ she got them by exploiting a vulnerability. The hacker says the private data includes emails and phone numbers of people of clout.
Alon Gal, co-founder and CTO at Hudson Rock cybersecurity company, posted the details of the hack on LinkedIn.

Hacker wants to sell data to Musk
Reportedly, the seller is trying to strike a deal with Twitter CEO Musk to buy the data to avoid GDPR lawsuits.
“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source. Your best option to avoid paying $276 million in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively,” an purported message from the hacker reads.

Irish DPC probing Twitter data leak
The news comes a few days after the Irish Data Protection Commission (DPC) launched an investigation into a Twitter data leak that affected over 5.4 million users worldwide.
“The DPC, having considered the information provided by TIC regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Act may have been, and/or are being, infringed in relation to Twitter Users’ personal data,” read the December 23 announcement by Data Protection Commission.
As per a report by Bleeping computer, the previous breach was found in late November and data was stolen when hackers exploited an API vulnerability that Twitter fixed in January.

Pompompurin, the owner of the Breached hacking forum, was cited as saying that there was another data set of 1.4 million Twitter profiles that was not sold but was only shared among a few people. Pompompurin is also reported to have offered escrow service for the sale.
Claims to also have Twitter data of Google CEO and Bollywood actors
Some reports also claim that the hacker is attempting to sell the data, which contains the personal data (such as phone numbers and email addresses) of prominent Twitter users, including Alphabet and Google CEO Sundar Pichai, Bollywood actor Salman Khan, Ministry of Information and Broadcasting of India, Musk-owned SpaceX, CBS Media, Donald Trump Jr., American politician Alexandria Ocasio-Cortez, among others.

Meanwhile, ethical hacker Sunny Nehra says that hackers may dump more data acquired by exploiting the same vulnerability.