Twitter Says No Evidence Data Leak Originated From Its Servers

Twitter has publicly responded to reports of a security problem, after a researcher last week warned that 200 million user email addresses for Twitter accounts had been leaked online.

Last week Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Rock, alleged that email addresses used to set up Twitter accounts had been published on a hacking forum.

Gal said at the time that the database “contains 235,000,000 unique records of Twitter users and their email addresses.” He said the database is “circulating heavily and is now leaked” and will “unfortunately lead to a lot of hacking, targeted phishing, and doxxing.”

Twitter response

Twitter at the time did not comment on the report, but that was not surprising as the platform no longer has a press department or communications team after Elon Musk’s mass firings.

However, noted security researcher Troy Hunt, creator of breach-notification site Have I Been Pwned, analysed the leaked data at the time and said on Twitter that the “addresses are only in the scraped Twitter data because they’d already been compromised elsewhere, and so the cycle continues…”

And now Twitter has officially responded to the allegation in a blog post, in which it said there was no evidence that the newly leaked user data was obtained via a vulnerability or bug in its systems.

“We take our responsibility to protect your privacy very seriously,” blogged the firm.

“In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems.”

Ireland’s data protection office had recently said it would investigate the apparent security breach.

Previous incident

Twitter also addressed a previous incident last summer, when the data of 5.4 million accounts was compromised by a bug it discovered early in 2022.

“We also want to share an update about an incident that took place earlier this year, and provide transparency into the steps we took to remediate it,” it blogged.

That came after Twitter faced recent claims about the size and scope of the breach, which initially varied, with early accounts in December saying 400 million email addresses and phone numbers had been stolen.

Twitter said in the blog that the 5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.

It said that 400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.

It added that the 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems.

Twitter said both datasets were the same, though the second one had the duplicated entries removed.

And it said that none of the datasets analysed contained passwords or information that could lead to passwords being compromised.

A hacker, using the handle “Ryushi”, had offered a sample of details from about 1,000 accounts on hacker forums in July 2022.

But Twitter said that breach had been resolved.

“Therefore, based on information and intel analysed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems,” Twitter blogged this week.

“The data is likely a collection of data already publicly available online through different sources,” it said.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
