A trove of about 200 million Twitter account data up for sale on the dark web lately was not obtained by any compromise of the social media firm’s IT methods, it has claimed in a new statement.
Twitter stated that the dataset was the exact same as that cited in reports of a 400 million accounts trove again in December, other than that it experienced duplicate entries removed.
Even so, it was not connected to a breach of 5.4 million users’ Twitter information confirmed in August 2022, which was traced back to a zero-working day vulnerability in the firm’s code foundation set in January previous 12 months.
In truth, the 200m+ leak couldn’t be joined to any exploitation of Twitter’s devices, the social media huge claimed.
“Based on facts and intel analyzed to examine the issue, there is no evidence that the info remaining sold online was acquired by exploiting a vulnerability of Twitter systems,” it explained. “The information is very likely a assortment of facts currently publicly accessible on the net by unique resources.”
Twitter sought to reassure consumers by confirming that “none of the datasets analyzed contained passwords or information and facts that could lead to passwords staying compromised.”
Nevertheless, there are worries around the dataset at this time circulating on the dark web, as it links the email addresses and phone numbers on person accounts with Twitter handles.
That will put numerous customers at risk of convincing phishing attacks which could trick them into handing in excess of their credentials. That could guide to account takeover, unless of course multi-factor authentication is enabled.
Twitter did not make clear how the risk actors behind the information leak managed to link these email messages to the relevant user accounts.
“Be cautious of e-mails conveying a feeling of urgency and email messages requesting your non-public information and facts, normally double test that e-mails are coming from a legitimate Twitter resource,” it concluded by way of advice.
However, the researcher who to start with found the 200 million consumer dataset appeared unconvinced by Twitter’s most current missive, declaring a 3rd-party compromise is even now the most possible resource of the breach.
“Having talked over it with other security experts and conducting my own exploration around it, I believe that that my former assessment is however legitimate,” argued Hudson Rock CTO, Alon Gal.
“For example, the authenticity of the leak is evident in the absence of bogus positives among Twitter usernames and e-mails uncovered in the databases, [as opposed to] situations of info enrichments.”
Editorial credit: Ink Drop / Shutterstock.com
Some areas of this post are sourced from: