Twitter on Wednesday mentioned that its investigation discovered “no proof” that customers’ information offered on-line was obtained by exploiting any safety vulnerabilities in its methods.
“Primarily based on info and intel analyzed to analyze the difficulty, there isn’t any proof that the information being offered on-line was obtained by exploiting a vulnerability of Twitter methods,” the corporate mentioned in a press release. “The information is probably going a group of information already publicly obtainable on-line by way of completely different sources.”
The disclosure comes within the wake of a number of experiences that Twitter information belonging to thousands and thousands of customers – 5.4 million in November 2022, 400 million in December 2022, and 200 million final week – have been made obtainable on the market on on-line felony boards.
The social media big additional mentioned the breach “couldn’t be correlated with the beforehand reported incident, nor with any new incident,” including no passwords had been uncovered. The 2 datasets printed in December and January are mentioned to be similar, with the latter having duplicated entries eliminated.
Twitter, in August 2022, acknowledged {that a} code change in June 2021 launched an API bug that enabled customers to hyperlink Twitter accounts to a specific electronic mail deal with or cellphone quantity. The flaw was subsequently exploited to scrape the data of 5.48 million person profiles.
Ryushi, the risk actor who marketed the information dump on the Breached hacking discussion board in December 2022, claimed the data was compiled utilizing the now-fixed vulnerability. It is presently not identified how the dataset was obtained and if it was amassed previous to the patching of the flaw in January 2022.
The Irish Knowledge Safety Fee (DPC) introduced final month it’s investigating the leak of information pertaining to five.4 million Twitter customers worldwide in November, which, based on Twitter, is “the identical as these uncovered in August 2022.”
The Elon Musk-owned firm additionally mentioned it is in touch with related information safety authorities to make clear the “alleged incidents,” whereas warning customers to allow two-factor authentication (2FA) and be looking out for potential phishing makes an attempt.
