KUALA LUMPUR (Dec 28): A threat actor claims they have obtained data of 400 million Twitter users and is attempting to sell it.

In a Dec 25 blog post on Security Affairs, which covers all aspects of cyber security, Pierluigi Paganini, Chief Information Security Officer at Bit4Id (and member of the European Union Agency for Network and Information Security), said the  seller claims the database is private, he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more.

Paganini said the seller, a member of data breach forums named Ryushi, claims the data was scraped via a vulnerability, it includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of OG and special usernames.

The seller is also inviting Twitter and Elon Musk to buy the data to avoid GDPR lawsuits.

“Twitter or Elon Musk if you are reading this you are already risking a General Data Protection Regulation (GDPR) fine over 5.4m breach imaging the fine of 400m users breach source. Your best option to avoid paying US$276 million in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively.” reads the advertising.

The seller also announced that the sale is covered by the escrow service offered by the Breached forum administrators (pompompurin).

Paganini added that it was not possible to verify the claims of the seller.

He said Ireland’s Data Protection Commission on Friday (Dec 23) opened a probe into Twitter over an August data breach that has reportedly impacted 5.4 million Twitter users.