Ireland’s privacy authority stated today that it would investigate a newly discovered data breach that might affect over 400 million Twitter users.

The DPC, or Data Protection Commission, is already looking into the corporation for a past incident. In the latter case, which occurred in November, hackers leaked details corresponding to 5.4 million Twitter users.

Earlier in the week, claims surfaced that the data of over 400 million Twitter users was being sold on a hacker site. The hacked data is reported to contain the impacted people’s identities, contact information, usernames, follower counts, and account creation dates.

The hacker wants $200,000

The hacker responsible for the intrusion requested $200,000 to hand over the data and destroy it. The information was allegedly obtained by exploiting a weakness in one of Twitter’s application programming interfaces.

The bug was inserted into the API through defective software deployed in 2021. It allowed hackers to discover phone numbers and email addresses linked to specific Twitter accounts.

The bug was exploited earlier this year to collect information from 5.4 million Twitter users. The Data Protection Commission of Ireland recently investigated Twitter’s response to the issue.

The DPC will broaden the scope of its examination

The DPC said yesterday that it would broaden the scope of its investigation to include the most recent data breach discovered this week.

In a statement to the BBC, the regulator said that “Reports have claimed that some additional datasets have now been offered for sale on the dark web,” adding that “The DPC has engaged with Twitter in this inquiry and will examine Twitter’s compliance with data-protection law in relation to that security issue.”

Because Twitter’s European Union headquarters are in Ireland, the DPC oversees the company’s privacy policies. For the same reason, the agency also controls many other big technology corporations with EU operations in Ireland.