Twitter data leak claims: Twitter is actively addressing reports that a dataset of email addresses of millions of Twitter users is being offered for sale online by threat actors. The company has no evidence that the stolen data was the result of exploiting a vulnerability in its systems.
“In response to recent media reports, Twitter conducted a thorough investigation. According to Twitter, there is no evidence that the recently sold data was obtained by exploiting a vulnerability of Twitter systems.”
Data Leak reports from January 2022
In August, the company confirmed that threat actors had actively exploited a vulnerability, fixed in January 2022, resulting in a data leak impacting 5.4 million Twitter users.
The attackers used the flaw to connect email addresses and phone numbers to the accounts of Twitter users. Today, Twitter announced that another dataset containing email addresses linked to 200 million Twitter users, reported to have been leaked online earlier this month, was not the result of exploiting the vulnerability fixed in January 2022.
“[The] 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems,” Twitter said.
“We did not find any passwords or information that could lead to password compromise in any of the datasets we analyzed,” the company stated.
They also clarified that, “After conducting an investigation and analyzing available information and intel, it is probable that the data is a compilation of information that is already publicly available on various online sources.”
Twitter’s Explanation
In its statement today, Twitter did not explain how the leaked data of its users was accurately linked to the email addresses associated with their accounts. The company stated that it is currently in contact with Data Protection Authorities and other relevant data regulators in multiple countries to provide additional details regarding the “alleged incidents.”
In December 2022, the Irish Data Protection Commission (DPC) launched an inquiry, raising queries about GDPR compliance, following news reports of the leak of personal information of 5.4 million Twitter users. Two years prior, in December 2020, the DPC fined Twitter €450,000 (~$550,000) for failing to notify the data watchdog of a breach within the 72-hour timeframe required by the EU’s General Data Protection Regulation (GDPR).