The leak of over 200 million e mail addresses belonging to Twitter users is not a end result of an internal vulnerability being abused, the organization has claimed.
In an update (opens in new tab) posted to the organization website, the microblogging system resolved the speculations that the risk actors abused the exact same vulnerability that was patched in January 2022, which hackers employed to share information on more than five million Twitter customers.
“In response to modern media reviews of Twitter users’ data becoming sold on-line, we executed a complete investigation and there is no proof that info a short while ago being marketed was received by exploiting a vulnerability of Twitter systems,” the enterprise mentioned. “[The] 200 million dataset could not be correlated with the previously described incident or any facts originating from an exploitation of Twitter programs,” it extra.
Info taken somewhere else
“None of the datasets analyzed contained passwords or details that could direct to passwords remaining compromised.” Alternatively, Twitter believes the leak is an amalgamation of publicly accessible databases gathered elsewhere, possible by means of individual leaks. “The facts is likely a collection of facts already publicly obtainable on line as a result of various sources,” it claims.
Some industry experts are questioning Twitter’s arguments, asking why the organization did not describe how the leaked facts was correctly joined to e mail addresses associated with people’s Twitter accounts.
The microblogging platform mentioned it achieved out to pertinent info defense authorities and other companies to supply a lot more aspects about the incident.
In late November 2022, researchers found out a key data dump of sensitive identification info (opens in new tab), boasting it was in all probability owing to a vulnerability that authorized any person to cross-examine if an email address or a cellular phone variety was affiliated with a Twitter account, and if so – which one particular.
Thousands and thousands of consumers from the US and EU have been uncovered, and the media managed to confirm the authenticity of at minimum some of the information posted to the darkish net.
Through: BleepingComputer (opens in new tab)