Heimdal
article featured image

Contents:

Twitter claims there is no connection between former system vulnerabilities and a leaked dataset of 200 million users that was recently on sale online.

On January 11th, 2023, the social media company declared this time its researchers found no evidence of the said data being obtained by exploiting a vulnerability of their system.

Twitter`S Point of View on 200M Users` Data Leakage

The company admitted in August that 5.4 million Twitter users had their data compromised as a result of threat actors taking advantage of a vulnerability that had been patched in January 2022. The attackers were able to link email addresses and phone numbers to Twitter users’ accounts because of this bug.

Regarding the leaked dataset that contained email addresses linked to 200 million users, which was reported for sale on hackers’ forums earlier this year, Twitter rejects any connection to the former system vulnerability they had patched in January 2022.

[The] 200 million dataset could not be correlated with the previously reported incident or any data originating from the exploitation of Twitter systems.

None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.

Source

 

According to Twitter`s point of view, after information and intel being analyzed by their investigation team, the data could be „a collection of data already publicly available online through different sources”.

Further Implications

Cyber researchers raised a question regarding the alleged way the data was perfectly correlated to users` emails and accounts:

However, Twitter failed to explain in today’s statement how the Twitter users’ leaked data was accurately linked to email addresses associated with their accounts.

Source

In order to provide further information about the ”alleged events”, Twitter continued by saying that they are now in communication with Data Protection Authorities and other pertinent data regulator authorities in a number of different countries.

The Irish Data Protection Commission (DPC) declared in December 2022 that it had opened an investigation and ”raised issues in connection to GDPR compliance.”, due to the previous private information of 5.4 million Twitter users being posted online.

Twitter had previously been fined by DPC, in 2020, because of failing to notify the surveillance institution regarding a data leakage. On that occasion, the company had exceeded the requested maximum 72-hour timeframe established by the EU’s General Data Protection Regulation (GDPR).

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE