Twitter Rejects Blame for Alleged Leak of 200 Million User Accounts

Twitter has released a privacy notice informing users that the latest data leak reports have nothing to do with any vulnerability in the company’s systems.

Press reports regarding troves of leaked Twitter profiles and associated data have circulated abundantly in the past few months. But, according to the beleaguered microblogging platform, the latest reports actually have nothing to do with any weaknesses in its infrastructure.

“In December 2022, additional press reports published that someone claimed that they have access to over 400 million Twitter-associated user emails and phone numbers, and that the data had been exposed through the same vulnerability discovered in January 2022,” the social platform said. “Recently, in January 2023, a similar attempt to sell data from 200 million Twitter-associated accounts was reported in the media.”

But after careful consideration and investigation, the company says its Response and Privacy and Data Protection teams concluded the following:

·      5.4 million user accounts reported in November were found to be the same as those exposed in August 2022

·      400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident

·      200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems

·      Both datasets were the same, though the second one had the duplicated entries removed

·      None of the datasets analyzed contained passwords or information that could lead to passwords being compromised

Based on information and intel analyzed to investigate the issue, Twitter says, in bold font, that “There is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems. The data is likely a collection of data already publicly available online through different sources.”

As it continues to monitor reports of potential incidents stemming from leaks, Twitter is keeping data protection authorities and other regulators updated to ensure the public stays informed.Twitter users are encouraged to enable 2-factor authentication (if they haven’t done so already), using authentication apps or hardware security keys to protect their account from unauthorized logins.

The company acknowledges the dangers surrounding the leaks, so it urges users to remain “extra vigilant … as threat actors may leverage the leaked information to create very effective phishing campaigns.”

Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring whether your accounts are exposed and making it easy to take action before disaster strikes.