Twitter: Leak of 200 Million Accounts Not Due to Historic Bug

A trove of over 200 million Twitter account records recently put up for sale on the dark web was not obtained through any compromise of the social media firm’s IT systems, the company has claimed in a new statement.

Twitter said that the dataset was the same as that cited in reports of a 400 million accounts trove back in December, except that it had duplicate entries removed.

However, it was not related to a breach of 5.4 million users’ Twitter records confirmed in August 2022, which was traced back to a zero-day vulnerability in the firm’s code base fixed in January last year.

In fact, the 200m+ leak couldn’t be linked to any exploitation of Twitter’s systems, the social media giant claimed.

“Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems,” it said. “The data is likely a collection of data already publicly available online through different sources.”

Twitter sought to reassure users by confirming that “none of the datasets analyzed contained passwords or information that could lead to passwords being compromised.”

However, there are concerns over the dataset currently circulating on the dark web, as it links the email addresses and phone numbers on user accounts with Twitter handles.

That will put countless users at risk of convincing phishing attacks which could trick them into handing over their credentials. That could lead to account takeover, unless multi-factor authentication is enabled.

Twitter did not explain how the threat actors behind the data leak managed to link those emails to the relevant user accounts.

“Be wary of emails conveying a sense of urgency and emails requesting your private information, always double check that emails are coming from a legitimate Twitter source,” it concluded by way of advice.

However, the researcher who first discovered the 200 million user dataset seemed unconvinced by Twitter’s latest missive, claiming a third-party compromise is still the most likely source of the breach.

“Having discussed it with other security professionals and conducting my own research around it, I believe that my previous assessment is still valid,” argued Hudson Rock CTO, Alon Gal.

“For example, the authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, [as opposed to] cases of data enrichments.”
