Hacker offers scraped data of 400 million Twitter users

A hacker claims to have stolen the private data of 400 million Twitter users via a bug in an API. The hacker sells the data on a forum after the API bug was fixed.

The hacker, who calls himself Ryushi, has posted the data online on BreachForums. He or she claims that it concerns data from 400 million unique Twitter users. The datasets include the email addresses and phone numbers of those users, along with their usernames and other public information such as follower count. Ryushi shares a few examples from high-profile users, including politicians, business leaders, and influencers like Linus from Linus’ Tech Tips.

Ryushi says the data was scraped from an API. That API bug is said to have been fixed by now. The hacker says against BleepingComputer that it was the same bug that previously leaked 5.4 million user data. This was possible via a bug in the Android client that allows the attacker to make a POST request to Twitter’s onboarding API. That vulnerability has now been closed, but there have already been several groups of hackers who have exploited the bug and stolen data. However, it has never before involved as many users as it does now.

The hacker wants to sell the data through an intermediary on BreachForums. Ryushi says he or she wants $200,000 for the data. With such an exclusive sale, the data will be removed from the forum afterwards. If that doesn’t work, the hacker wants $60,000 per non-exclusive purchase. Ryushi says he went to Twitter to make a deal, but found no response there.