A watchdog is to investigate Twitter after a hacker claimed to have private details linked to more than 400 million accounts.
The hacker, “Ryushi”, is demanding $200,000 (£166,000) to hand over the data – reported to include that of some celebrities – and delete it.
Ireland’s Data Protection Commission (DPC) says it “will examine Twitter’s compliance with data-protection law in relation to that security issue”.
Twitter has not commented on the claim.
The data is said to include phone numbers and emails, including those belonging to celebrities and politicians, but the purported size of the haul is not confirmed. Only a small “sample” has so far been made public.
The Guardian reported that data of US Congresswoman Alexandria Ocasio-Cortez was included in the sample of data published by the hacker. The data of broadcaster Piers Morgan, who recently had his Twitter account hacked, is also reported to be included.
Twitter has so far not responded to press inquiries about the claimed breach.
Chief executive Elon Musk did not reply to a tweeted request for comment from leading cyber-security reporter Brian Krebs – though the breach, as Mr Krebs notes, probably occurred before the Tesla boss took over.
Cyber-crime intelligence company Hudson Rock says it was the first to raise the alarm about the data sale.
While acknowledging the amount of data taken had not been verified, the firm’s chief technology officer, Alon Gal, told that a number of clues appeared to support the hacker’s claim.
The data did not appear to have been copied from an earlier breach in which details were published from 5.4 million Twitter accounts, Mr Gal said.
Only 60 emails out of the sample of 1,000 provided by the hacker in the earlier incident appeared, “so we are confident that this breach is different and significantly bigger”, he said.
Also, Mr Gal noted: “The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings.”
An escrow service is a third party that agrees to release funds only when certain conditions (such as handing over data) are met.
News Source: BBC