Here’s what Twitter has to say on 200 million users’ data being sold online

Twitter has said it found no evidence that the confidential data of about 200 million users, including email addresses, were put up for sale on an online hacking platform. Last week, a security researcher claimed that the social media platform had been hacked and the data leak would lead to more incidents of hacking, targeted phishing attacks, and doxxing.”We take our responsibility to protect your privacy very seriously. In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” Twitter said in a blog post.Read AlsoNew Twitter will aim to optimise unregretted user minutes, says Elon MuskCurrently busy making Twitter faster, Musk has brought the company back from bankruptcy and is now striving to get profitable.Data of 200 million users ‘sold online’Last week, news agency Reuters cited Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Roc as saying that the Twitter data hack is “one of the most significant leaks he has seen.” Gal said it informed Twitter about the hack on December 24 but neither the company nor its CEO, Elon Musk, made any comments.Troy Hunt, creator of Have I Been Pwned, a breach notification portal, confirmed that the data was legitimate, saying that “pretty much what it’s been described as” on Twitter. Bleeping Computers also reportedly confirmed the validity of the email addresses listed in the leak.Read AlsoTwitter announces ‘Blue for Business’ serviceTwitter announced its new ‘Blue for Business’ service, a new way for businesses and their affiliates to verify and distinguish themselves on the micro-blogging platform.Twitter users’ data accessed due to a bugTwitter says that the data, that was reported to have been leaked, is the same that was made public due to a bug which resulted from an update to a code in June 2021. The company says it “immediately investigated and fixed it” after receiving a report through the company’s bug bounty programme in January 2022.”In July 2022, we learned through a press report that someone had potentially leveraged this [bug] and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed. At the time, we notified the affected users promptly and the relevant authorities,” Twitter said.”In November 2022, some press reports published that Twitter users’ data had been allegedly leaked online. As soon as we became aware of the news, Twitter’s Incident Response Team compared the data in the new report to data reported by the media on 21 July 2022. The comparison determined that the exposed data was the same in both cases,” Twitter added. Read AlsoTwitter planning to sell user names boost revenue: ReportElon Musk-owned Twitter has reportedly considered selling user names to generate new revenue. According to a report in the New York Times, Twitter employees have held conversations about selling some usernames for the service since at least December last year.Data of around 400 million Twitter users available for freeLast year in December, Bleeping Computers reported that the private data of around 400 million users were stolen due to a bug and that data was available for free.Twitter investigation on data leakTwitter said that it carried out a comprehensive investigation, and the company’s Incident Response and Privacy and Data Protection teams concluded that:5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.200 million datasets could not be correlated with the previously reported incident or any data originating from the exploitation of Twitter systems.Both datasets were the same, though the second one had the duplicated entries removed.None of the datasets analysed contained passwords or information that could lead to passwords being compromised.It says that data that was reported to be being sold/ available online through different sources was the same that was leaked due to a bug. Twitter says it is in contact with Data Protection Authorities and other relevant regulators from different countries to provide clarification about the alleged incidents.Twitter blue tick subscription: All you need to know