A trove of over 200 million Twitter account records put up for sale on the dark web recently was not obtained through any compromise of the social media firm’s IT systems, it has claimed in a new statement.
Twitter said that the dataset was the same as that cited in reports of a 400 million accounts trove back in December, except that it had duplicate entries removed.
However, it was not related to a breach of 5.4 million users’ Twitter data confirmed in August 2022, which was traced back to a zero-day vulnerability in the firm’s code base fixed in January last year.
In fact, the 200m+ leak could not be linked to any exploitation of Twitter’s systems, the social media giant claimed.
“Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems,” it stated. “The data is likely a collection of data already publicly available online through different sources.”
Twitter sought to reassure users by confirming that “none of the datasets analyzed contained passwords or information that could lead to passwords being compromised.”
However, there are concerns over the dataset currently circulating on the dark web, as it links the email addresses and phone numbers on user accounts with Twitter handles.
That may put numerous users at risk of convincing phishing attacks which may trick them into handing over their credentials. That would lead to account takeover, unless multi-factor authentication is enabled.
Twitter did not explain how the threat actors behind the data leak managed to link these emails to the relevant user accounts.
“Be cautious of emails conveying a sense of urgency and emails requesting your private information, always double check that emails are coming from a legitimate Twitter source,” it concluded by way of advice.
However, the researcher who first discovered the 200 million user dataset appeared unconvinced by Twitter’s latest missive, claiming a third-party compromise is still the most likely source of the breach.
“Having discussed it with other security professionals and conducting my own research around it, I believe that my earlier assessment is still valid,” argued Hudson Rock CTO, Alon Gal.
“For example, the authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, [as opposed to] cases of data enrichments.”