Twitter Denies That Leaked Data From 200 Million Accounts Came From Its Systems

There’s a lot of Twitter news circulating these days, in the long and chaotic wake of Elon Musk’s takeover. But if you are (or ever were) a Twitter user, I promise, this particular story is one you probably want to keep tabs on.

The social media platform has claimed that a treasure trove of leaked user data, containing email addresses linked to about 235 million Twitter accounts, didn’t come from its systems. The compilation of user information ended up on a dark web marketplace, for sale for nearly $2, earlier this month, according to multiple reports.

Though email addresses and corresponding Twitter handles might not seem like sensitive information, the leak prompted concerns that anonymous social media accounts could be tied to real-world identities and that the information would make hacking into accounts far easier. Initially, Twitter didn’t respond to media outlets requesting comment or information. But now, about a week later, the company has released a statement.

“Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems,” the company wrote, regarding these 235 million user data points, in a Wednesday night blog post. “The data is likely a collection of data already publicly available online through different sources,” the post claimed.

In the immediate aftermath of the leak’s detection on January 4, Bleeping Computer reportedly confirmed the validity of a number of the emails. The cybersecurity-focused news outlet also linked these 235 million email/account pairs to an earlier December leak, containing both phone numbers and emails linked with about 400 million Twitter accounts. Note: Twitter only had around 368 million monthly active users in December 2022, so the leaked data could, in theory, include all of those accounts. Allegedly, the smaller January leak was a cleaned-up version of the earlier data with fewer duplicates, according to Bleeping Computer.

And, in multiple reports, both of those data dumps were thought to be related to an even earlier security failure, which Twitter publicly acknowledged in August 2022. A fatal flaw in the social platform’s application programming interface (API) allowed anyone to get the Twitter ID of a user by searching their phone or email—even if the user in question didn’t have their phone or email publicly linked with their Twitter handle. The company admitted that the API flaw was related to data being sold by a “bad actor,” and claimed to be notifying affected users.

Though, in its Wednesday statement, Twitter has now denied this link. The company claims that, after an internal investigation, the December 400 million user leak “could not be correlated with the previously reported incident, nor with any new incident.” And that the January 200 million account dataset, “could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems.” Further, the company claimed that both datasets were the same, with the smaller one simply being cleaned of duplicates—supporting earlier reports.

Twitter’s blog post also noted that the company is currently in contact with “Data Protection Authorities and other relevant regulators…to provide clarification about the alleged incident.” However, that’s where the site’s explanation ends. Twitter offered no additional information on how, exactly, accurate compilations of hundreds of millions of Twitter accounts’ data ended up on a hacker marketplace. And, obviously, the company denying responsibility doesn’t change that the information is out there.

Gizmodo reached out to Twitter for more information, but didn’t immediately receive a response. Following Musk’s acquisition of the site, the company dissolved its public relations department.

This entire data debacle is just the latest in Twitter’s long history of breaches and security failures. In 2020, a massive hack targeting celebrity users resulted in former President Barack Obama’s official account, among many others, tweeting out a crypto scam. And in 2019, the social media platform disclosed another breach that meant “private” tweets from Android users were not, in fact, private.

Ireland’s Data Protection Commission fined Twitter more than half a million dollars for failing to promptly report and document that Android breach. The same Irish regulator is also investigating the platform’s API vulnerability, in a probe announced in December.


https://gizmodo.com/twitter-hack-elon-musk-social-media-dark-web-1849979139