Twitter to be investigated over data-protection breach affecting over '400 million' users

Elon Musk's Twitter is set to be investigated by Ireland's Data Protection Commission (DPC) over a hack claim involving private details of more than 400 million accounts, as per a report from BBC. hacker, known as "Ryushi," is demanding $200,000 to hand over data, which reportedly includes that of some celebrities, and delete it. DPC has said it will "examine Twitter's compliance with data-protection law in relation to that security issue." data is said to include phone numbers and emails, but scale of hack has not been confirmed. Only a small "sample" has so far been me public.

Guardian reported that data belonging to US Congresswoman Alexandria Ocasio-Cortez was included in sample of data published by hacker. data of brocaster Piers Morgan, who recently h his Twitter account hacked, is also reported to be included. Twitter has not commented on claim.

"Ryushi" plans to sell data

Cyber-crime intelligence company Hudson Rock raised alarm about data sale. While acknowledging amount of data taken h not been verified, company's Chief Technology Officer, Alon Gal, told BBC that a number of clues appeared to support hacker's claim. data did not appear to have been copied from an earlier hack in which details were published from 5.4 million Twitter accounts, according to Gal.

He also noted that "Ryushi" plans to sell database through an escrow service offered on a cyber-crime forum, which is typically only done for genuine offerings. In a statement, DPC acknowledged its ongoing investigation into an earlier Twitter hack but said: "Reports have claimed that some ditional datasets have now been offered for sale on dark web. DPC has engaged with Twitter in this inquiry and will examine Twitter's compliance with data-protection law in relation to that security issue." As Twitter's European hequarters are based in Dublin, DPC is le authority responsible for supervising platform's compliance with EU data-protection rules.

"Ryushi" claims to have exploited a problem with a system that allows computer programs to connect with Twitter in order to compile data. Twitter fixed weakness in 2022, but flaw is also believed to have been used in earlier hack affecting more than five million accounts. DPC announced it was investigating that hack on 23 December.

hacker has warned Twitter that its best chance of avoiding a large data-protection fine is to buy back data "exclusively." In November, Meta was hit with a €265 million ($276 million) fine by DPC after data scraped from more than 533 million Facebook users was leaked online. UK Information Commissioner's Office (ICO) has said it is aware of "media reports" regarding Twitter user's personal information being me available on internet and is "engaged in dialogue with Twitter's data protection officer" and will "be making enquiries on this matter." ICO ded that it will co-operate with Data Protection Commission of Ireland.