Your Yello Ring Road To Success
GOOGLE LOGIN MY ADS MY SHOP

Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System

Jan 12, 2023Ravie LakshmananData Security / Privacy

Twitter Hacking

Twitter on Wednesday said that its investigation found “no
evidence” that users’ data sold online was obtained by exploiting
any security vulnerabilities in its systems.

“Based on information and intel analyzed to investigate the
issue, there is no evidence that the data being sold online was
obtained by exploiting a vulnerability of Twitter systems,” the
company said[1]
in a statement. “The data is likely a collection of data already
publicly available online through different sources.”

The disclosure comes in the wake of multiple[2]
reports[3]
that Twitter data belonging to millions of users – 5.4 million in
November 2022, 400 million in December 2022, and 200 million last
week – have been made available for sale on online criminal
forums.

The social media giant further said the breach “could not be
correlated with the previously reported incident, nor with any new
incident,” adding no passwords were exposed. The two datasets
published in December and January are said to be identical, with
the latter having duplicated entries removed.

Twitter, in August 2022, acknowledged[4]
that a code change in June 2021 introduced an API bug that enabled
users to link Twitter accounts to a particular email address or
phone number. The flaw was subsequently exploited to scrape the
information of 5.48 million user profiles.

Ryushi, the threat actor who advertised the data dump on the
Breached hacking forum in December 2022, claimed[5]
the information was compiled using the now-fixed vulnerability.
It’s currently not known how the dataset was obtained and if it was
amassed prior to the patching of the flaw in January 2022.

The Irish Data Protection Commission (DPC) announced[6]
last month it is investigating the leak of data pertaining to 5.4
million Twitter users worldwide in November, which, according to
Twitter, is “the same as those exposed in August 2022.”

The Elon Musk-owned company also said it’s in contact with
relevant data protection authorities to clarify the “alleged
incidents,” while warning users to enable two-factor authentication
(2FA[7]) and be on the lookout
for potential phishing attempts.

Found this article interesting? Follow us on Twitter [8]
and LinkedIn[9]
to read more exclusive content we post.

References

  1. ^
    said
    (privacy.twitter.com)
  2. ^
    multiple
    (www.bbc.com)
  3. ^
    reports
    (www.reuters.com)
  4. ^
    acknowledged
    (thehackernews.com)
  5. ^
    claimed
    (www.bleepingcomputer.com)
  6. ^
    announced
    (dataprotection.ie)
  7. ^
    2FA
    (help.twitter.com)
  8. ^
    Twitter
     (twitter.com)
  9. ^
    LinkedIn
    (www.linkedin.com)

Read more