Twitter: Leaked data of 200 million users was not stolen from our systems |
Twitter is finally responding to reports that the email addresses of hundreds of millions of users on its platform have been hacked and sold online.
"We thoroughly investigated recent media reports of Twitter selling user data online and found no evidence that the newly sold data was obtained through a security breach in Twitter's systems," the company said in a blog post.
But last August, the company confirmed that the data breach, which affected 5.4 million Twitter users, was caused by hackers exploiting a vulnerability that was patched in January 2022. The vulnerability allowed attackers to associate email addresses — email addresses and phone numbers — to accounts. Twitter user.
Referring to another dataset containing the email addresses of about 200 million Twitter users that was allegedly leaked online earlier this month, Twitter said it was not exploiting a security breach that was patched in January 2022.
The company added: “The 200 million records could not be linked to previously reported incidents or data generated by the operation of Twitter’s systems. None of the analyzed records contained any words, passwords or information that could lead to an account being compromised.
The company continued, "Based on the information analyzed to investigate the issue, there is no evidence that data sold online was obtained by exploiting a vulnerability in the company's systems. It is likely that the data is a dataset that is already publicly available online." through various sources.
However, the company did not explain in its statement exactly how the leaked Twitter user details were linked to the email addresses associated with their accounts.
Twitter added that it is currently in contact with data protection authorities and other relevant data regulators in several countries to provide more details about the "alleged incident."
In December 2022, following reports that the personal data of 5.4 million Twitter users had been leaked online, Ireland's Data Protection Commission (DPC) announced an investigation and "a GDPR compliance challenge".