The microblogging site Twitter addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems.
“In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” the company said.
We were recently made aware of reports that Twitter user data was being sold online. After a comprehensive investigation, we found no evidence that this data originated from the exploitation of our systems. Read more here: https://t.co/4LnVG6gzae
— Twitter Support (@TwitterSupport) January 11, 2023
After a comprehensive investigation, Twitter said:
- 5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.
- 400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.
- 200 million datasets could not be correlated with the previously reported incident or any data originating from the exploitation of Twitter systems.
- Both datasets were the same, though the second one had the duplicated entries removed.
- None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.
Twitter said the data is likely a collection of data already publicly available online through different sources.
Last week, Cybersecurity researchers found a data dump comprising over 200 million Twitter users, that was earlier being sold for $200,000.
The data, including email address, name, screen name/username, account creation date, and follower count was offered for 8 forum credits on a famous hacker forum, which amounts to $200,000, according to the team from AI-based cyber-security firm CloudSEK.
“The vulnerability in Twitter’s API, enabled threat actors to input phone number/email address to retrieve the Twitter user ID which in turn enables data scraping,” said a CloudSEK researcher.
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.