In a recent case of a Twitter data breach, the hacker named “Ryushi” demanded a ransom worth $200,000 to hand over the stolen data of 400 million users.
In regard to this, a probe has been launched by Ireland’s watchdog. According to the Data Protection Commission (DPC) it "will examine Twitter's compliance with data protection law in relation to that security issue."
As per the reports, Twitter did not comment on this claim yet, nor did it respond to the press inquiries regarding the claimed breach.
The stolen data apparently includes victims’ phone numbers and emails, including that of some celebrities and politicians. While the exact size of the haul is yet to be confirmed, only a small “sample” has been made public thus far.
Several Hints May Prove the Claim
A cybercrime intelligence firm 'Hudson Rock' was the first to bring up the issue of the sale of stolen data. One of the company's chief technology officers told BBC that several hints seemed to back up the hacker's assertion.
The data did not seem to have been copied from some earlier breach, where the details were made public from 5.4 million Twitter accounts.
Out of the 1,000 sample emails provided by the hacker in the earlier incident, only 40 emails appeared, "so we are confident that this breach is different and significantly bigger," the officer said.
Additionally, Mr. Gal noted: "The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings." An escrow service is a third party that agrees to release funds but only after certain conditions are met (for example handing over data)
The hacker has said that the breached data was obtained and gathered by taking advantage of a vulnerability in the system, that enables computer programs to connect with Twitter.
The DCP on the other hand announced that it was investigating the earlier breach that took place on December 23, 2022. Moreover, media reports assert that the hacker is in fact aware of the loss and potential damage the breached data can do.
