Phone Numbers of Piers Morgan, AOC, Trump Jr, 400 Million Other Twitter Users for Sale on Dark Web

A threat actor is offering to sell the usernames, emails and phone numbers associated with 400 million Twitter accounts.

The hacker, identified as Ryushi on the dark web, says the user profiles contain public and private Twitter data of Alexandria Ocasio-Cortez, Donald Trump JR, Mark Cuba, Kevin O'Leary, Piers Morgan, as well as other celebrities, politicians, journalists and government agencies.

The theft was possible due to an API vulnerability that lay open until Twitter patched the flaw in January 2022. It is believed that the same bug was exploited in the widely publicized breach that resulted in the already-known compromise of 5.4 million accounts.

Cyber-intel firm Hudson Rock highlighted the sale on Twitter, calling it a “credible threat.” Several sources have since corroborated the firm’s claims, with BleepingComputer reporting that the threat actor is demanding $200,000 in an exclusive sale, with the promise that the data won’t be leaked or used for further extortion or profits. In an exchange with the cyber news site, the person said they’d contacted Twitter to make a sale offer, but no one replied.

The threat actor’s post addresses Elon Musk directly, encouraging the Twitter owner to pay the extortion fee or face hundreds of millions in GDPR fines.

Europe’s privacy watchdog, the Irish Data Protection Commission, has recently launched an investigation into “multiple international media reports, which highlighted that one or more collated datasets of Twitter user personal data had been made available on the internet.”

If you use Twitter, consider changing your password and enabling two-factor authentication (2FA) as a secondary layer of security. Avoid SMS-based 2FA, as threat actors can find ways to intercept your incoming codes. Instead, use an authenticator app such as Google Authenticator.

Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring whether your accounts are exposed and making it easy to take action before disaster strikes.

US citizens can opt for Bitdefender Identity Theft Protection which not only offers continuous monitoring of your identity, privacy and credit status, but also identity theft insurance of up to $2 million.