After over 200 million Twitter user accounts got doxxed last week, the company released a statement denying claims there were system flaws leading to the hack.
After the event, experts noted that this could be due to hackers discovering flaws in one of Twitter’s services but Twitter denied these allegations.
“In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” the social media giant wrote.
In November, there was a data leak of 5.4 million accounts which was being investigated by Ireland’s Data Protection Commission (DPC). Twitter claimed that the user accounts targeted were the same as those exposed in August 2022.
In December 2022, a hacker released over 400 million new Twitter-associated user emails and phone numbers and the same happened to 200 million fresh users last week.
“The data is likely a collection of data already publicly available online through different source,” said the statement.
The company defended the leak saying that none of the datasets they analysed contain information that could “lead to passwords being compromised” to justify their claims that the social media cite is safe for users.
Beyond their stale ‘two-factor authentication to secure passwords’ advice, the company appears to be unwilling to take responsibility for the lack of proper security measures that compromise millions of users’ data.
Alon Gal, the cyber-crime intelligence company’s co-founder, said: “I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter’s conclusion of the data being an enrichment of some sort which did not originate from their own servers.”
