A major data leak on Twitter could cost Elon Musk dearly. Apparently, a hacker is trying to blackmail the CEO of the social network with stolen data. More than 400 million users are said to be affected.
The negative headlines about Twitter and CEO Elon Musk don’t stop. It had already become known on Friday that the Irish data protection authority DPC was investigating the company. The reason for this is a data leak from last January that included 5.4 million accounts including telephone numbers and email addresses. Now Twitter is threatened with a much greater adversity. According to a report by “Spiegel”, a hacker with the alias “Ryushi” is currently blackmailing Elon Musk and his company.
Huge dataset put up for sale by Twitter users
The data of an alleged 400 million users is currently for sale in a hacker forum. In addition to many average Joes, there should also be sensitive data from celebrities such as ex-US President Donald Trump, actress Whoopi Goldberg and Apple co-founder Steve Wozniak. “To avoid being fined $276 million in the EU like Facebook did, your best option is to buy this data exclusively,” Ryushi wrote directly to Musk on the forum.
With his threat, the blackmailer is referring to a judgment by the DPC at the end of November. At that time, the data protection authority imposed a fine of 276 million dollars on the Facebook parent company Meta. A data leak had previously disclosed the data of around 500 million users.
How much money the hacker wants from Elon Musk is unknown – Twitter does not comment
How much money “Ryushi” hopes to get from Elon Musk and Twitter is unclear. However, a chat with the blackmailer on the US tech website Bleeping Computer reveals that he is demanding $200,000 to destroy the stolen data. If no individual buyer agrees to the exclusive deal offered, he could also imagine selling several packages at 60,000 dollars each, according to “Ryushi”.
To date, there have been no official statements from Twitter or Elon Musk. Even if the data is bought back, the company will probably not be able to avoid an investigation by the DPC. Whether the data would be deleted upon a successful purchase is unclear, as is the actual number of records and whether they are complete and up-to-date.