Twitter on Wednesday mentioned that its investigation discovered “no proof” that customers’ information bought on-line was obtained by exploiting any safety vulnerabilities in its techniques.
“Based on info and intel analyzed to analyze the difficulty, there isn’t a proof that the information being bought on-line was obtained by exploiting a vulnerability of Twitter techniques,” the corporate mentioned in an announcement. “The information is probably going a group of information already publicly obtainable on-line by means of completely different sources.”
The disclosure comes within the wake of a number of stories that Twitter information belonging to hundreds of thousands of customers – 5.4 million in November 2022, 400 million in December 2022, and 200 million final week – have been made obtainable on the market on on-line prison boards.
The social media big additional mentioned the breach “couldn’t be correlated with the beforehand reported incident, nor with any new incident,” including no passwords had been uncovered. The two datasets printed in December and January are mentioned to be similar, with the latter having duplicated entries eliminated.
Twitter, in August 2022, acknowledged {that a} code change in June 2021 launched an API bug that enabled customers to hyperlink Twitter accounts to a specific e-mail tackle or telephone quantity. The flaw was subsequently exploited to scrape the knowledge of 5.48 million person profiles.
Ryushi, the menace actor who marketed the information dump on the Breached hacking discussion board in December 2022, claimed the knowledge was compiled utilizing the now-fixed vulnerability. It’s presently not identified how the dataset was obtained and if it was amassed previous to the patching of the flaw in January 2022.
The Irish Data Protection Commission (DPC) introduced final month it’s investigating the leak of information pertaining to five.4 million Twitter customers worldwide in November, which, in line with Twitter, is “the identical as these uncovered in August 2022.”
The Elon Musk-owned firm additionally mentioned it is involved with related information safety authorities to make clear the “alleged incidents,” whereas warning customers to allow two-factor authentication (2FA) and be looking out for potential phishing makes an attempt.