Responding to recent media reports that Twitter was hacked and email addresses of more than 200 million users were posted on an online forum, the tech giant said it conducted a ‘thorough investigation’ and found the said information was likely already available online, and was not obtained by exploiting a vulnerability of the Twitter systems.
What is the vulnerability?
The company, bought by billionaire Elon Musk in October last year, said it received report of the vulnerability, through its bug bounty programme, in January 2022. Under this, on submitting an email address or phone number to the Twitter systems, the systems would tell which Twitter account the submitted email address or phone number was associated with, if any.
This bug, it revealed, was due to an update made in June 2021 to the microblogging website’s code, and was immediately investigated and fixed.
What did Twitter find in current probe?
As part of investigation, its The San Francisco-based company also probed two other, recent alleged breaches, one each from November and December 2022. It found that:
(1.) The 5.4 million accounts breached in November last year were the same that as those exposed in August that year due to the aforementioned bug.
(2.) The 400 million accounts mentioned in the second case could not be correlated to the earlier or any new incident.
(3.) The 200 million dataset could not be correlated with the previous incidents, or any data leaked due to the vulnerability of the Twitter systems.
(4.) This 600 million dataset was the same. However, the second one had duplicate entries removed.
(5.) None of the datasets analysed had passwords or information, therefore negating the possibility of these being compromised.