A seller has apparently listed data realted to 400 million Twitter users for sale.
The data, that were allegedly scraped due to a vulnerability, included email, name, username, follower_count, creation_date, and phone_number.
The seller demanded $276 million USD in GDPR breach fines from Twitter to buy the stolen data exclusively.
Source: https://www.databreaches.net/vendor-claims-to-have-scraped-400m-twitter-user-records/
TPRM report: https://scoringcyber.rankiteo.com/company/twitter
"id": "twi2247261222",
"linkid": "twitter",
"type": "Breach",
"date": "12/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 400000000,
'industry': 'Social Media',
'location': 'Global',
'name': 'Twitter',
'type': 'Company'}],
'attack_vector': 'Scraping',
'data_breach': {'number_of_records_exposed': 400000000,
'personally_identifiable_information': ['email',
'name',
'phone_number'],
'type_of_data_compromised': ['email',
'name',
'username',
'follower_count',
'creation_date',
'phone_number']},
'description': 'A seller has listed data related to 400 million Twitter users '
'for sale. The data, allegedly scraped due to a vulnerability, '
'included email, name, username, follower_count, '
'creation_date, and phone_number. The seller demanded $276 '
'million USD in GDPR breach fines from Twitter to buy the '
'stolen data exclusively.',
'impact': {'data_compromised': ['email',
'name',
'username',
'follower_count',
'creation_date',
'phone_number']},
'motivation': 'Financial Gain',
'ransomware': {'ransom_demanded': 276000000},
'regulatory_compliance': {'regulations_violated': 'GDPR'},
'threat_actor': 'Unknown Seller',
'title': 'Twitter Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Data Scraping Vulnerability'}