admin Twitter on Wednesday mentioned that its investigation discovered “no proof” that customers’ knowledge offered on-line was obtained by exploiting any safety vulnerabilities in its methods.
“Based mostly on info and intel analyzed to analyze the difficulty, there isn’t a proof that the info being offered on-line was obtained by exploiting a vulnerability of Twitter methods,” the corporate said in an announcement. “The info is probably going a set of information already publicly obtainable on-line by means of totally different sources.”
The disclosure comes within the wake of multiple reports that Twitter knowledge belonging to tens of millions of customers – 5.4 million in November 2022, 400 million in December 2022, and 200 million final week – have been made obtainable on the market on on-line legal boards.
The social media large additional mentioned the breach “couldn’t be correlated with the beforehand reported incident, nor with any new incident,” including no passwords have been uncovered. The 2 datasets revealed in December and January are mentioned to be an identical, with the latter having duplicated entries eliminated.
Twitter, in August 2022, acknowledged {that a} code change in June 2021 launched an API bug that enabled customers to hyperlink Twitter accounts to a specific electronic mail handle or cellphone quantity. The flaw was subsequently exploited to scrape the data of 5.48 million consumer profiles.
Ryushi, the risk actor who marketed the info dump on the Breached hacking discussion board in December 2022, claimed the data was compiled utilizing the now-fixed vulnerability. It is at the moment not identified how the dataset was obtained and if it was amassed previous to the patching of the flaw in January 2022.
The Irish Information Safety Fee (DPC) announced final month it’s investigating the leak of information pertaining to five.4 million Twitter customers worldwide in November, which, in response to Twitter, is “the identical as these uncovered in August 2022.”
The Elon Musk-owned firm additionally mentioned it is in touch with related knowledge safety authorities to make clear the “alleged incidents,” whereas warning customers to allow two-factor authentication (2FA) and be looking out for potential phishing makes an attempt.
