Twitter notified account holders that their passwords were not hacked because the supposedly compromised information did not contain passwords
In recent developments, Twitter has denied allegations of hacking and the data of 200 million users being compromised. Alon Gal, a co-founder of Hudson Rock – an Israeli cybersecurity monitoring company, revealed on LinkedIn that he had found private data comprising email addresses of approximately 200 million Twitter users last week. Gal warned that if the sensitive data falls into the wrong hands, it can be used for illegal activities like doxxing, and targeted phishing. He further stated that the data was posted on an online hacking forum and that he had alerted Twitter regarding the same, but to no avail. The location and identity of the hackers behind the breach couldn’t be ascertained, Gal added.
In response, Twitter has stated that its concerned authorities have conducted a thorough investigation and didn’t discover any evidence of their users’ data being obtained by third parties and being sold online, to which Gale countered by writing,” The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments,” on LinkedIn. Twitter informed its users that their passwords haven’t been compromised as the allegedly breached datasets didn’t contain passwords.
Twitter had previously revealed a breach in the data of 5.4 million users due to a bug, which was subsequently fixed. Early last year, Twitter was warned about the various security flaws in its systems that automatically revealed what phone number or email address was linked with which account. Twitter was informed in July 2022 that hackers had exploited this flaw to obtain confidential information of users like phone numbers and were selling it online. Impacted users were notified by Twitter regarding the same.
