Twitter claims leaked data of 200M users not stolen from its systems

Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems. 

“In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” the company said.

In August, the company confirmed that a data leak impacting 5.4 million Twitter users resulted from threat actors exploiting a vulnerability fixed in January 2022.

This flaw enabled the attackers to link email addresses and phone numbers to Twitter users’ accounts.

Today, Twitter said that another dataset containing email addresses linked to 200 million Twitter users that reportedly got leaked online earlier this month was not obtained by exploiting the vulnerability patched in January 2022.

“[The] 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems,” Twitter said.

“None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.”

The company added that “based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems. The data is likely a collection of data already publicly available online through different sources.”

However, Twitter failed to explain in today’s statement how the Twitter users’ leaked data was accurately linked to email addresses associated with their accounts.

Twitter added that it’s currently in contact with Data Protection Authorities and other relevant data regulator bodies in multiple countries to provide additional details regarding the “alleged incidents.”

In December 2022, the Irish Data Protection Commission (DPC) announced that it launched an inquiry and “raised queries in relation to GDPR compliance” following news reports that the personal information of 5.4 million Twitter users was leaked online.

Two years before, in December 2020, the DPC fined Twitter €450,000 (~$550,000) after it failed to notify the data watchdog of a breach within the 72-hour timeframe required by the EU’s General Data Protection Regulation (GDPR).
