February 5, 2023


Today's News Headlines, Breaking News & Latest News from India and World, News from Politics, Sports, Business, Arts and Entertainment

Twitter says ‘no evidence’ user data being sold online comes from hack

2 min read

Twitter said that after investigating reports that more than 400 million users’ information was being sold online, it found “no evidence” that it was obtained by exploiting vulnerabilities in its systems.

The Elon Musk-owned social network detailed the investigation Blog post Wednesday. In December 2022, a hacker claimed to sell the email and phone numbers of 400 million Twitter-related users on the black market, according to press reports. Earlier this month, “a similar attempt to sell data from 200 million Twitter-related accounts was reported in the media,” which according to Twitter was the same dataset that was reported in December with the duplicates removed.

Based on its investigation, “there is no evidence that data sold online was obtained by exploiting vulnerabilities in Twitter’s systems,” the agency said. “Data is probably a collection of data that is publicly available online through various sources.”

Twitter noted that in August 2022, it disclosed that it had received a report through its bug-bounty program of a vulnerability in Twitter’s systems in January of last year that allowed someone to reveal a Twitter account associated with it using an email address or phone number. The information agency said it updated its code in June 2021 to fix the bug.

In July 2022, “We learned through a press report that someone has potentially taken advantage of this and is offering to sell the information they’ve collected,” Twitter said. “After reviewing a sample of the data available for sale, we confirmed that a bad actor took advantage of the issue before it was addressed.” Twitter said it notified affected users “immediately” about the issue. In November, media reports stated that 5.4 million Twitter user accounts were being sold online; According to Twitter’s investigation, those were the same accounts that were exposed in August 2022.

Twitter said it was “contacting data protection authorities and other relevant regulators” in various countries to “provide clarification on the alleged incidents.”

The company also said that, while no passwords were disclosed in the incidents, it encourages all Twitter users to enable two-factor authentication using authentication applications or hardware security keys to protect against unauthorized logins.

“We encourage Twitter users to be extra cautious when communicating in any form via email, as threat actors can take advantage of leaked information to create very effective phishing campaigns,” the company said in a blog post. “Beware of emails that convey a sense of urgency and emails that request your personal information, always double-check that emails are coming from a legitimate Twitter source.”

Leave a Reply

Your email address will not be published. Required fields are marked *