Twitter Inc. undertook a thorough investigation in response to recent media claims that the data of 200M Twitter users were being sold online, and the results suggest that there is no proof that the data that was recently sold was obtained by exploiting a flaw in the Twitter systems.
“In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems”, reports Twitter.
An Update on a Recent Incident
Through the bug bounty program, the company learned about Twitter’s system vulnerability in January 2022. The company acknowledged in August that 5.4 million Twitter users had their data compromised as a result of threat actors taking use of a vulnerability that had been patched in January 2022.
The attackers were able to link email addresses and phone numbers to Twitter users’ accounts because of this bug.
Twitter stated that a second dataset believed to have been obtained by exploiting the vulnerability addressed in January 2022 and comprising email addresses belonging to 200 million Twitter users was not leaked online earlier this month.
“200 million datasets could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems”, Twitter.
“Both datasets were the same, though the second one had the duplicated entries removed”.
Further, none of the datasets examined contained passwords or data that might compromise passwords.
The company also said, “based on the information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems”.
The data is probably a collection of data that is already openly available online from many sources.
Twitter says it will continue to communicate with data protection authorities as well as other pertinent regulators from other nations to provide clarification regarding the claimed instances.
How to Keep Your Account Safe?
- To safeguard your account from unwanted logins, activate 2-factor authentication using hardware security keys or authentication apps.
- Whenever you get any kind of email communication, be especially careful because threat actors could use the information to launch highly successful phishing attacks.
- Be cautious of emails that seem urgent or that ask for personal information; always verify that communications are coming from an official Twitter source.
Network Security Checklist – Download Free E-Book