Social networks, 12.01.2023, 10:30 AM
Twitter has finally spoken out about reports that the data of 200 million users of the social network is being sold online, saying that it found no evidence that the data was leaked due to security flaws in its systems.
“In response to recent media reports about the sale of Twitter user data online, we have conducted a thorough investigation and there is no evidence that the data that was recently sold was obtained by exploiting a vulnerability in the Twitter system,” the company said.
In August, Twitter confirmed that it was data leakage of 5.4 million of its users as a result of hackers exploiting a vulnerability that was patched in January 2022. This vulnerability allowed attackers to link email addresses and phone numbers to Twitter user accounts.
However, the email addresses of 200 million users that were allegedly leaked earlier this month “cannot be linked to the previously reported incident or any data originating from the exploitation of the Twitter system,” the company said.
“None of the data sets analyzed contained passwords or information that could lead to password compromise,” the statement said.
The company added that “based on the information analyzed”, there is no evidence that the data sold online was obtained by exploiting a vulnerability in the Twitter system. “The data is probably a collection of data that is already publicly available online from various sources.”
However, Twitter did not explain how user data linked to the email addresses associated with their accounts was leaked.
Twitter also said it is currently in contact with data protection agencies and other relevant regulatory bodies in multiple countries to provide additional details regarding the “alleged incidents”.
In December 2022, the Irish Data Protection Commission (DPC) announced that it had launched an investigation into compliance with the EU’s General Data Protection Regulation (GDPR)” following news that the personal data of 5.4 million Twitter users had been leaked online .
Two years earlier, in December 2020, the same the commission fined Twitter 450,000 euros because he did not notify the supervisory body of the data security breach within the 72-hour period prescribed by the EU General Data Protection Regulation.
Cover photo: Brett Jordan, Pexels
