© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Twitter finally comments on leaks, claims data not stolen


Twitter finally reacted to multiple reports that a dataset related to hundreds of millions of user accounts was stolen and put up for sale online. The company says it found no evidence the data was obtained by exploiting a vulnerability in its systems.

“In response to recent media reports of Twitter users' data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” the company said on its privacy page.

Twitter explained that the troves of user information didn’t match data exposed in previous security incidents last year – which the company fixed.

Cybernews reported recently that threat actors publicly disclosed 63GB of data, connecting over 200 million Twitter users with their names and email addresses. The database was entirely public and available for anyone to download. We’ve also updated our personal data leak checker with over 200 million Twitter user details posted online for free – so now you can check for yourself to see if your data shared with Twitter has been leaked.

Experts previously said they believed those who leaked the data on the hacker site BreachForums were able to take advantage of a flaw in Twitter’s services for programmers.

“The data is likely a collection of data already publicly available online through different sources,” the company now said, though.

Twitter added that none of the datasets analyzed – including leaks in December and July – contained passwords or information that could lead to passwords being compromised.

However, Twitter failed to explain how the Twitter users' leaked data was accurately linked to email addresses associated with their accounts. This is dangerous, according to Mantas Sasnauskas, the Head of Security Research at Cybernews.

“The number of users in the leak is huge. Moreover, user emails are connected to their Twitter handles and names. Now available to any threat actor, this information will potentially lead to social engineering attacks and doxing [exposing personally identifiable information online],” Sasnauskas said.

In the statement, Twitter also said it was currently in contact with Data Protection Authorities and other relevant data regulatory bodies in multiple countries to provide additional details regarding the "alleged incidents."

In December, Ireland’s Data Protection Commission (DPC) announced that it launched an inquiry and "will examine Twitter’s compliance with data protection law in relation to that security issue" following the leak.

Twitter also advised users to use two-factor authentication and “remain extra vigilant” when getting emails that could be used to steal their login credentials.

“Threat actors may leverage the leaked information to create very effective phishing campaigns. Be wary of emails conveying a sense of urgency and emails requesting your private information, always double check that emails are coming from a legitimate Twitter source,” the firm said.


More from Cybernews:

Guardian confirms ransomware attack, employee records compromised

Royal Mail suffers severe disruption following a cyber incident

Mental health company KoKo testing AI chatbot on patients causes public outcry

World Economic Forum warns of cyber insecurity in times of “epochal change”

Apple Watch faces import ban in US for infringing med company’s patent

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked