Twitter: Data Leak Not Due to System Error
However, a small part of the currently offered data originates from an earlier security incident. Twitter assumes that the leak was compiled from sources already publicly available.
Twitter stated that no evidence has been found that the data recently offered on the Internet was obtained from Twitter users via a vulnerability in the company’s systems. However, the short messaging service admitted that data from 5.4 million accounts was compromised by a bug that was discovered and fixed in the spring of 2022 and also disclosed in the summer, Reuters agency reported.
Another 600 million users’ data “could not be linked to either the previously reported incident or a new one,” Twitter wrote in a blog post. “There is no evidence that the data sold online was obtained by exploiting a vulnerability in Twitter’s systems. The data is likely a collection of data already publicly available online through various sources.
Security expert backs up Twitter’s statement
Most recently, 235 million Twitter users’ data had surfaced on a hacker forum. The email addresses had been used by users to set up their Twitter accounts. After analyzing the data, security researcher Troy Hunt, operator of the website Have I Been Pwned, assumed that the e-mail addresses had already been compromised before. Around 98 percent had already been included in previous leaks, he said.
In August 2022, Twitter had acknowledged a system error. Unauthorized persons were able to spy out data on Twitter users via email addresses or phone numbers. The bug had been submitted via Twitter’s vulnerability reward program.