Share this
by Barry McIntyre on (January 13, 2023 at 8:45 AM)
Twitter stated that it found no evidence a dataset of email addresses linked to hundreds of millions of Twitter users was obtained by exploiting a vulnerability in its systems.
"In response to recent media reports of Twitter users' data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems," the company said.
“We take our responsibility to protect your privacy very seriously,” blogged the firm.
The breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing”, Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, wrote on LinkedIn. Alon went on to say its “one of the most significant leaks I’ve seen”.
Previous Twitter Incident
Earlier in August 2022, Twitter confirmed that a data leak impacting 5.4 million users was due to threat actors exploiting a vulnerability fixed in January 2022.
A hacker, using the handle “Ryushi”, had offered a sample of details from about 1,000 accounts on hacker forums in July 2022.
"[The] 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems," Twitter said.
Twitter stated that "based on information and analysis" they had collected, they believed that the leaked data was not obtained by exploiting a vulnerability of Twitter's systems; instead, it was likely a collection of data already publicly available online.
However, Twitter did not explain how the Twitter users' email addresses were linked to their accounts in this collection of data.
Twitter's recent breach of user data may attract the attention of regulators in the US and Europe. The Irish Data Protection Commission, which oversees Twitter's European operations, and the US Federal Trade Commission have been monitoring the Elon Musk-owned company for compliance with European data protection rules and a US consent order respectively.