Twitter has finally responded to reports that a set of email address data linked to hundreds of millions of Twitter users has been leaked and put up for sale online, saying it has found no evidence that the data had been obtained by exploiting a vulnerability in its systems.

“In response to recent media reports of Twitter’s online user data being sold, we have conducted a thorough investigation and there is no evidence that the recently sold data was obtained by exploiting a vulnerability in Twitter’s systems,” the company said. company. said.

In August, the company confirmed one data leak affecting 5.4 million Twitter users resulted from malicious actors exploiting a vulnerability patched in January 2022.

This flaw allowed attackers to link email addresses and phone numbers to Twitter user accounts.

Today, Twitter said another data set containing email addresses linked to 200 million Twitter users which was allegedly leaked online earlier this month was not obtained by exploiting the vulnerability patched in January 2022.

“[The] 200 million data sets could not be correlated with the previously reported incident or any data from an exploit of the Twitter systems,” Twitter said.

“None of the analyzed datasets contained passwords or information that could compromise passwords.”

The company added that “based on the information and information analyzed to investigate the issue, there is no evidence that the data sold online was obtained by exploiting a vulnerability in Twitter’s systems. The data is likely a collection of data already available to the public online through various sources.”

However, Twitter did not explain in today’s statement how the leaked Twitter user data was specifically tied to the email addresses associated with their accounts.

Twitter added that it is currently in contact with data protection authorities and other relevant data regulators in several countries to provide further details regarding the “alleged incidents”.

In December 2022, the Irish Data Protection Commission (DPC) announced that it had launched an investigation and “questions raised regarding GDPR compliancefollowing reports that the personal details of 5.4 million Twitter users were leaked online.

Two years before, in December 2020, the DPC €450,000 fine for Twitter (~$550,000) after failing to notify the data watchdog of a breach within the 72-hour period required by the EU’s General Data Protection Regulation (GDPR).


Source link