Twitter Rejects Being Responsible for the 200M Users’ Dataset Leakage in January
Internal Investigation Showed No Proof of Data Being Obtained Due to Exploiting a Twitter Vulnerability.
Twitter claims there is no connection between former system vulnerabilities and a leaked dataset of 200 million users that was recently on sale online.
On January 11th, 2023, the social media company declared that, this time, its researchers found no evidence that the data in question had been obtained by exploiting a vulnerability in its systems.
Twitter’s Point of View on the 200M Users’ Data Leakage
The company admitted in August that 5.4 million Twitter users had their data compromised as a result of threat actors taking advantage of a vulnerability that had been patched in January 2022. The attackers were able to link email addresses and phone numbers to Twitter users’ accounts because of this bug.
Regarding the leaked dataset that contained email addresses linked to 200 million users, which was reported for sale on hackers’ forums earlier this year, Twitter rejects any connection to the former system vulnerability they had patched in January 2022.
[The] 200 million dataset could not be correlated with the previously reported incident or any data originating from the exploitation of Twitter systems.
None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.
We were recently made aware of reports that Twitter user data was being sold online. After a comprehensive investigation, we found no evidence that this data originated from the exploitation of our systems. Read more here: https://t.co/4LnVG6gzae
— Twitter Support (@TwitterSupport) January 11, 2023
According to Twitter, after its investigation team analyzed the available information and intel, the data could be “a collection of data already publicly available online through different sources”.
Cyber researchers raised a question regarding how the data was allegedly perfectly correlated with users’ emails and accounts:
However, Twitter failed to explain in today’s statement how the Twitter users’ leaked data was accurately linked to email addresses associated with their accounts.
To provide further information about the “alleged events”, Twitter continued by saying that it is now in communication with Data Protection Authorities and other pertinent data regulators in a number of different countries.
The Irish Data Protection Commission (DPC) declared in December 2022 that it had opened an investigation and “raised issues in connection to GDPR compliance”, due to the private information of 5.4 million Twitter users having previously been posted online.
Twitter had previously been fined by the DPC, in 2020, for failing to notify the supervisory authority about a data leak. On that occasion, the company had exceeded the maximum 72-hour timeframe established by the EU’s General Data Protection Regulation (GDPR).