BreachForums seems to have yet another Twitter database for sale with a threat actor now selling a database with details of over 400 million users on the hacking forum. The post did not include an upfront price for the database.
The threat actor, who goes by the name Ryushi on the forum, also provided a sample of 1,000 users from the database. The sample includes email addresses, usernames and other private information for several prominent figures, with Efani CEO Haseeb Awan verifying many of the entries.
This data was scraped using the same API vulnerability that allowed another threat actor, named devil, to distribute a separate database of 5.4 million records on the forum for free in September and November. Twitter confirmed that data leak and stated that the bug had been fixed back in January 2022.
The bug was introduced by an update to the codebase in June 2021. It allowed anyone to submit an email address or phone number together with a password on the Twitter login page and, whether or not the password was correct, the response revealed the Twitter ID associated with that email or phone number. In effect, the login endpoint acted as an account-enumeration oracle: an attacker only needed a list of candidate emails or phone numbers, not any passwords, to map them to accounts.
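To make the pattern concrete, here is an added, hypothetical example (not Twitter's code; the users table, endpoint names, response bodies and log format are invented for illustration). It shows a login handler that leaks the account ID on a failed password, the hardened form that answers identically for known and unknown identifiers, an attacker loop that uses the leaky endpoint as an enumeration oracle, and a simple log check for the many-distinct-identifiers-from-one-source signature such scraping leaves behind.

```python
"""Account-enumeration oracle on a login endpoint: vulnerable vs hardened.

Hypothetical, stand-alone example. Nothing here is Twitter's code; the
identifiers, hashes and log lines below are constructed for illustration.
"""
import hashlib
import hmac
from collections import defaultdict


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2 password hash; deliberately slow so timing is uniform per call."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample "database": identifier -> (account id, password hash)
_SALT = b"constructed-salt"
USERS = {
    "alice@example.com": ("1001", _hash("correct horse", _SALT)),
    "+15550001111": ("1002", _hash("battery staple", _SALT)),
}
# Dummy hash so unknown identifiers cost the same work as known ones
_DUMMY_HASH = _hash("dummy-password", _SALT)


def vulnerable_login(identifier: str, password: str) -> dict:
    """Leaky pattern: the account id tied to the email/phone is returned on a
    wrong password, and the failure reasons differ for known vs unknown users."""
    record = USERS.get(identifier)
    if record is None:
        return {"status": "error", "reason": "no_such_account"}
    user_id, pw_hash = record
    if hmac.compare_digest(_hash(password, _SALT), pw_hash):
        return {"status": "ok", "user_id": user_id}
    return {"status": "error", "reason": "bad_password", "user_id": user_id}


def hardened_login(identifier: str, password: str) -> dict:
    """Same check, but every failure looks the same and the hash is computed
    whether or not the identifier exists, so neither body nor timing leaks."""
    record = USERS.get(identifier)
    user_id, pw_hash = record if record is not None else (None, _DUMMY_HASH)
    ok = hmac.compare_digest(_hash(password, _SALT), pw_hash) and record is not None
    if ok:
        return {"status": "ok", "user_id": user_id}
    return {"status": "error", "reason": "invalid_credentials"}


def enumerate_accounts(login_fn, candidates, junk_password="x") -> list:
    """Attacker view: which candidates does the endpoint tie to an account
    without the attacker knowing any password?"""
    return [c for c in candidates if "user_id" in login_fn(c, junk_password)]


# Constructed auth log: "<timestamp> <src_ip> <identifier> <result>"
SAMPLE_LOG = """\
2022-07-01T10:00:01Z 203.0.113.7 alice@example.com fail
2022-07-01T10:00:01Z 203.0.113.7 bob@example.com fail
2022-07-01T10:00:02Z 203.0.113.7 carol@example.com fail
2022-07-01T10:00:02Z 203.0.113.7 +15550001111 fail
2022-07-01T10:00:05Z 198.51.100.2 alice@example.com fail
2022-07-01T10:00:09Z 198.51.100.2 alice@example.com ok
"""


def flag_enumeration(log_text: str, threshold: int = 3) -> list:
    """Defender view: sources that fail against many *distinct* identifiers.
    A user mistyping a password retries one identifier; a scraper sweeps many."""
    failed_ids = defaultdict(set)
    for line in log_text.splitlines():
        _ts, src_ip, identifier, result = line.split()
        if result == "fail":
            failed_ids[src_ip].add(identifier)
    return sorted(ip for ip, ids in failed_ids.items() if len(ids) >= threshold)


if __name__ == "__main__":
    candidates = ["alice@example.com", "nobody@example.com",
                  "+15550001111", "+15559999999"]
    print("leaky endpoint confirms:", enumerate_accounts(vulnerable_login, candidates))
    print("hardened endpoint confirms:", enumerate_accounts(hardened_login, candidates))
    print("sources flagged:", flag_enumeration(SAMPLE_LOG))
```

The hardened handler fixes two channels at once: the response body (one generic `invalid_credentials` for both unknown identifier and wrong password) and timing (the PBKDF2 work runs against a dummy hash when the identifier is unknown). The log check is intentionally crude; in practice it would be keyed on a time window and combined with rate limits on the endpoint itself, since an enumeration bug is only as exploitable as the request volume the attacker can sustain.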
Twitter was initially informed of the flaw through its bug bounty program in January this year and fixed the issue upon discovery, finding no evidence at the time that it had been exploited.
Later, in July this year, Twitter learned through a press report that the vulnerability had been exploited and that the information collected was being sold. After reviewing a sample of the data the threat actor was selling, Twitter confirmed that the vulnerability had been exploited before it was patched.
Ryushi also went on to suggest that Twitter and Elon Musk might want to avoid a GDPR fine like the $276 million one stemming from the previous leak by buying the data exclusively from them, naming BreachForums administrators Pompompurin and Baphomet as middlemen.