Image: TechCrunch

Twitter has released an update on an alleged incident involving the sale of platform user data online. The information about the hacking of Twitter and the receipt of data of hundreds of millions of users, which has been circulating in the media in recent weeks, has been refuted.

Twitter denies reports of the alleged sale of user data online and hacking of the platform after it was purchased by Elon Musk. The company takes the protection of user privacy seriously. Recently, there have been reports in the media that Twitter user data is being sold on the Internet. In response, the platform conducted a thorough investigation and found no evidence that the data being sold were obtained by exploiting a vulnerability in Twitter systems. In addition, the company shared news of an incident that occurred earlier in 2022 and provide information on the steps they have taken to resolve it.

We were recently made aware of reports that Twitter user data was being sold online. After a comprehensive investigation, we found no evidence that this data originated from the exploitation of our systems. Read more here: https://t.co/4LnVG6gzae

— Twitter Support (@TwitterSupport) January 11, 2023

In January 2022, through the bug bounty program, Twitter received a vulnerability report on Twitter systems. This bug resulted from a code update in June 2021 and was fixed immediately after it was discovered. In July 2022, the company learned from a press report that someone was potentially exploiting this and offering to sell the information they had collected. After reviewing a sample of data available for sale, the company confirmed that a bad actor took advantage of the problem before it was resolved.

In November 2022, some media published reports that Twitter user data were allegedly leaked to the network. As soon as the company became aware of the news, the Twitter Incident Response Team compared the data in the new report with data released to the media on July 21, 2022. The comparison showed that the exposed data were the same in both cases.

In December 2022, multiple reports were published in the press that someone claimed to have access to over 400 million email addresses and phone numbers of users associated with Twitter and that the data were exposed due to the same vulnerability discovered in January 2022. In January 2023, the media reported on a similar attempt to sell the data of 200 million Twitter-associated accounts.

After a comprehensive investigation, the Incident Response and Privacy and Data Protection teams of the platform came to the following conclusion:

• 5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.
• 400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.
• 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems.
• Both datasets were the same, though the second one had the duplicated entries removed.
• None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.

Twitter said that based on the information and intelligence analyzed to investigate the issue, there is no evidence that the data sold online were obtained by exploiting a vulnerability in Twitter's systems. The data are likely to comprise a set of data already publicly available on the Internet from various sources. The company is in contact with data protection authorities and other relevant regulatory authorities from various countries to provide clarifications on alleged incidents and will continue to do so.

© 2023, Eva Fox | Tesmanian. All rights reserved.

_____________________________

We appreciate your readership! Please share your thoughts in the comment section below. 

Article edited by @SmokeyShorts; follow him on Twitter

Follow @EvaFoxU