Twitter has stated that there is no evidence that the leaked dataset of email addresses associated with 200 million Twitter users, which was recently leaked and put up for sale online, was obtained by exploiting a vulnerability in the company’s systems.
Twitter claims that the alleged November leak was of the same data obtained in July. The most recent alleged leak of Twitter user data, however, did not correspond to any of the data obtained by exploiting the bug in January 2022, and thus was not part of a system breach. Instead, Twitter claims that the 2023 data leak came from publicly available information gathered elsewhere.
“In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” the company said.
While Twitter stated that they were in contact with the Data Protection Authorities about the breach, they did not elaborate on how user accounts were linked to the emails.
“The200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems,” Twitter said. “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.”
The sources for this piece include an article in BleepingComputer.