Twitter Investigates Data Breach, Finds No Evidence of Security Exploits
Twitter has publicly disclosed the findings of an internal investigation concerning a recent data leak that has sparked significant concern among its users. In a statement issued on Wednesday, the social media platform confirmed that it discovered “no evidence” indicating that user data being sold online was acquired through any exploit of its security systems. Instead, the evidence suggests that the compromised data is likely a collection of information already available from various public sources.
This development follows a series of alarming reports detailing the availability of Twitter user data for sale on illicit online platforms. Notably, in late 2022, over 5.4 million user records were reportedly traded, followed by sales of 400 million and more recently, 200 million records. These incidents have raised questions regarding the integrity of user data on the platform.
Twitter emphasized that the breach could not be linked to any previously reported incidents, nor does it correlate with any new attacks. Importantly, the company reassured users that no passwords had been compromised. The two datasets reported to have circulated in late 2022 were said to be identical, with duplications removed from the data acquired most recently.
Historically, Twitter acknowledged in August 2022 that a vulnerability introduced in June 2021 had allowed users to link their accounts to specific email addresses or phone numbers. This flaw was leveraged to glean information from approximately 5.48 million user profiles. The actor behind this incident, known as Ryushi, subsequently attempted to sell this user information on underground forums, claiming it had utilized this now-patched vulnerability.
The origin of the recently reported datasets remains unclear, and there is uncertainty regarding whether this data was compiled before the vulnerability was addressed in January 2022. This ambiguity complicates the investigation further, as Twitter’s assurances do not eliminate the possibility of undiscovered vulnerabilities.
In response to the leak involving 5.4 million users, the Irish Data Protection Commission has initiated an inquiry. According to Twitter, this data breach is consistent with those reported in August 2022, reflecting ongoing tensions surrounding user privacy.
The company is actively liaising with relevant data protection authorities to address these alleged incidents. In its efforts to enhance user security, Twitter advised users to activate two-factor authentication (2FA) and remain vigilant against potential phishing attacks.
The context of these events aligns with several tactics from the MITRE ATT&CK framework, particularly those related to initial access and data exfiltration. While the exact methods used by the actors remain uncertain, the potential for previous vulnerabilities to be exploited raises important considerations regarding the overall security posture of organizations like Twitter as they navigate the evolving landscape of cybersecurity threats.
Business owners and tech professionals should remain informed and proactive, recognizing the importance of data protection measures and the potential implications of such breaches. As social media continues to play a pivotal role in digital communication, maintaining stringent cybersecurity protocols is imperative to safeguard user data and maintain trust in these platforms.
