The company claimed that the leak of more than 200 million email addresses belonging to Twitter users was not the result of an abuse of an internal security vulnerability.
in an update (Opens in a new tab) Posted on the company’s website, the microblogging platform addressed speculation that threat actors had abused the same vulnerability patched in January 2022 that hackers used to share the details of more than five million Twitter users.
“In response to recent media reports about the sale of Twitter users’ data online, we have conducted a thorough investigation and there is no evidence that the data recently sold was obtained by exploiting a vulnerability in Twitter’s systems,” the company said. “[The] 200 million datasets that cannot be linked to the previously reported incident or any data arising from the exploitation of Twitter’s systems.”
Data taken elsewhere
“None of the datasets analyzed contained passwords or information that could lead to password compromises.” Instead, Twitter believes the leak is an amalgamation of publicly available databases collected elsewhere, likely through separate leaks. “The data is likely to be a collection of data that is already publicly available on the Internet through various sources,” it claims.
Some experts question Twitter’s arguments, asking why the company didn’t explain how precisely the leaked data was linked to email addresses linked to people’s Twitter accounts.
The microblogging platform said it has contacted relevant data protection authorities and other organizations to provide more details about the incident.
In late November 2022, researchers discovered a large stash of sensitive identity information (Opens in a new tab)claiming that it may have been due to a security flaw that allowed anyone to check if an email address or phone number was associated with a Twitter account, and if so – which.
Millions of users from the United States and the European Union were exposed, and the media was able to confirm the veracity of at least some of the data published on the dark web.
Via: BleepingComputer (Opens in a new tab)