The microblogging site Twitter addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems. 

“In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” the company said.

After a comprehensive investigation, Twitter said: 

Buy Me A Coffee
  • 5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.
  • 400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.
  • 200 million datasets could not be correlated with the previously reported incident or any data originating from the exploitation of Twitter systems.
  • Both datasets were the same, though the second one had the duplicated entries removed.
  • None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.

Twitter said the data is likely a collection of data already publicly available online through different sources. 

'EvilVideo' Vulnerability in Telegram for Android Allows Malicious APK Payloads

Last week, Cybersecurity researchers found a data dump comprising over 200 million Twitter users, that was earlier being sold for $200,000.

The data, including email address, name, screen name/username, account creation date, and follower count was offered for 8 forum credits on a famous hacker forum, which amounts to $200,000, according to the team from AI-based cyber-security firm CloudSEK.

“The vulnerability in Twitter’s API, enabled threat actors to input phone number/email address to retrieve the Twitter user ID which in turn enables data scraping,” said a CloudSEK researcher.