"Twitter: Leak of 200 Million Accounts Not Due to Historic Bug"

According to Twitter, a trove of over 200 million Twitter account records recently put up for sale on the dark web was not obtained through any compromise of the social media firm’s IT systems. Twitter said that the dataset was the same as the one cited in reports of a 400 million account trove back in December, except that duplicate entries had been removed. It was not related to a breach of 5.4 million users’ Twitter records confirmed in August 2022, which was traced back to a zero-day vulnerability in the firm’s code base fixed in January last year. The company claimed that the 200m+ leak couldn’t be linked to any exploitation of Twitter’s systems. In a statement, Twitter said that, based on the information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems. The data is likely a collection of data already publicly available online through different sources. Twitter sought to reassure users by confirming that “none of the datasets analyzed contained passwords or information that could lead to passwords being compromised.”

However, there are concerns over the dataset currently circulating on the dark web, as it links the email addresses and phone numbers on user accounts with Twitter handles. That will put countless users at risk of convincing phishing attacks, which could trick them into handing over their credentials. Twitter did not explain how the threat actors behind the data leak managed to link those emails to the relevant user accounts.

 

Infosecurity reports: "Twitter: Leak of 200 Million Accounts Not Due to Historic Bug"

Submitted by Anonymous on