A hacker has reportedly stolen and sold the personal information of nearly 400 million Twitter users on the dark web.

The stolen data is staggering in quantity and includes the emails and phone numbers of prominent personalities like American politician and activist Alexandria Ocasio-Cortez, "Shark Tank" host and businessman Kevin O'Leary and Ethereum co-founder Vitalik Buterin, Cointelegraph reported, citing Israeli cyber intelligence company Hudson Rock.

A sample given by the hacker also mentions Google CEO Sundar Pichai, singer Charlie Puth, the World Health Organization and the United States Department of the Interior and SpaceX, as per the screenshots posted by the intelligence company on Twitter.

In one of the screenshots shared by Hudson Rock, one can see the supposed message of the hacker, noting, "I am selling data of +400 million unique Twitter users that was scrapped via a vulnerability, this data is completely private."

"Twitter or Elon Musk, if you are reading this post, you are already at risk of GDPR fines for the data leak of over 54 million users. Now fines for data leak of 400 million users," the hacker continues. "Your best option to avoid paying $2.76 million in CDPR breach fines like Facebook did (due to 533 million users being scrapped) is to buy this data exclusively."

The hacker also claims to be open to the "deal" being mediated by a third party, saying, "After that, I will erase this post and will not sell this information again."

"Additionally, since data won't be sold to third parties, celebrities and politicians won't engage in Phishing, Crypto frauds, Sim swapping, Doxxing and other actions that would erode user faith in your firm, halt your present growth, and deflate your current hype," the hacker adds.

The information was most likely obtained by taking advantage of a weakness in Twitter's API, Hudson Rock co-founder and CTO Alon Gal said, according to Financial Express.

After Elon Musk's recent criticism of Twitter's policies and procedures, the tech billionaire may now be facing a data breach of his own.

The last breach, which affected more than 5.4 million people, is currently being investigated by the Irish Data Protection Commission. The said incident came to light in late November when a hacker posted a sample of the data on their website. More details about the attack may surface as the data protection authority continues its probe into the matter.

How to Check if Your Data Has Been Leaked

In the wake of the recent Twitter data breach reports, many people are wondering if their data has been leaked. While the social media giant has been tight-lipped about the extent of the incident, there is a way to check whether your data has been compromised.

You can visit Have I Been Pwned, a website that allows people to check whether their email addresses and phone numbers have been leaked in a data breach. Simply enter your email address or password into the search bar, and the website will tell you if your data has been compromised.

While the website cannot tell you if your data has been leaked in the recent security incident involving Twitter, it is a good way to check whether you may be at risk. If your data has been compromised, be sure to change your password and take other steps to protect your account.

Read more
Twitter data breach 400m users
Pixabay
Twitter Hacking