In recent days, there has been a lot of news about Twitter. This social platform claims that the set of disclosed information related to the email addresses of about 245 million user accounts did not come out of the systems of this social network. According to multiple reports, the information of more than 200 million Twitter accounts was sold on a dark web market for just two dollars earlier this month.
Although Twitter email addresses may not seem like sensitive information, the hack raised concerns that anonymous social media accounts could be linked to real-world identities, making it much easier to hack accounts. Twitter initially refused to respond to this disclosure; But now, a week after the incident, he has published a statement in this regard.
Twitter wrote about the disclosure of the information of 235 million user accounts of this platform:
On January 4th, Bleeping Computer confirmed the authenticity of a number of emails soon after Twitter users’ information was leaked. This news site, which focuses on issues related to cyber security, linked the disclosure of information of 235 million Twitter user accounts to the initial disclosure last December, which included the phone numbers and emails of about 400 million user accounts of the social network. This is despite the fact that the exact number of monthly active users of Twitter in December 2022 was equal to 368 million people, and in other words, the leaked data could theoretically include all these accounts. According to Bleeping Computer, the leak in early January appeared to be a stripped-down version of earlier data with fewer duplicates.
Multiple reports have indicated that both sets of information leaked by Twitter in recent months are related to a security flaw, and the social platform officially confirmed it in August 2022. This fatal bug in the API allows anyone to get information about its user accounts. This vulnerability provides the possibility of viewing users’ data based on ID or phone and email searches, and even not publicly displaying this information in users’ accounts has no effect on increasing their security against the aforementioned bug. The company also admitted that the API flaw was related to data that one of the hackers had sold, and claimed to have notified affected users of the issue.
Twitter did not deny this issue in its statement on Wednesday; But it has claimed that after internal investigations, the leak of data of 400 million users in December is not related to the incident of hacking the data of 235 million user accounts of this platform. Additionally, the social platform has stated that the disclosure of this information was not done through its system bugs. Additionally, Twitter claims that the data in both leaked sets is the same, with only the smaller set removing duplicate information.
Twitter noted in its blog post that it is currently in contact with data protection authorities and other relevant regulatory agencies to clarify the latest hacking incident. However, the said social network did not provide any other details of how exactly the information of hundreds of millions of user accounts was collected and sold in hacker markets.
website Gizmodo, has contacted Twitter for more information; But he did not receive a response from this company. In fact, the public relations section of this social network after becoming operational Elon Muskhas dissolved.
In 2020, a massive hack targeting famous users led to the official account Barack Obama, the former President of the United States, among many other famous people’s accounts, to pull off a crypto scam on Twitter. Also in 2019, the social media platform announced another flaw that showed that the private tweets of Android users are not actually private and attackers can see the information of this tweet with some solutions.
The Irish Data Protection Commission has fined Twitter more than half a million dollars for failing to promptly report and document the Android flaw. The Irish regulator investigated the vulnerability of the platform’s API in an investigation announced in December.