Twitter also added that none of the datasets analyzed featured users’ passwords or any other information that could lead to users’ passwords being compromised. However, we can’t help but feel skeptical about Twitter’s response.
Twitter claims that data breach sold online is from a ‘different source’
In early January, news broke that hackers stole information from over 200 million Twitter users and exposed it on an online forum. According to CNN, the data featured in the breach included email addresses, Twitter users’ names, account handles, follower numbers, and the dates the accounts were created.
Alon Gal, co-founder of Hudson Rock (an Israel-based security firm), claims to be the first to publicly call out Twitter about the leak. “This database contains 235,000,000 unique records of Twitter users and their email addresses, and will unfortunately lead to a lot of hacking, targeting phishing, and doxxing,” Gal said last week via LinkedIn. “This is one of the most significant leaks I’ve seen.”
Twitter, however, is seemingly minimizing its involvement in the data breach, claiming that it has “conducted a thorough investigation,” because, y’know, self-investigative reports regarding one’s misconduct have always been a reliable measure of innocence. Its findings? Well, as mentioned, Twitter says that there’s no evidence that the data discovered online was obtained by hackers exploiting a security hole in its system. “The data is likely a collection of data already publicly available online through different sources,” Twitter concluded.
Gal isn’t buying it. In a recent LinkedIn post, he said that he has discussed the data breach with other security professionals and believes that his initial assessment of the matter still holds water (i.e., the data was leaked from a Twitter database). “… [T]he authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments,” Gal said.
It’s possible that Twitter may be correct, but I’m less inclined to believe any self-investigative report. As more reports about the data leak trickle in, perhaps we’ll get more clarity on the matter.
If you want to know if your account is one of the 200M records scraped from Twitter, check out HaveIBeenPwned.