Twitter categorically denied the claims that allege leaked emails got hacked from its systems. The company acknowledged that no evidence proves the data leaked from vulnerability in its systems. Instead, the records were perhaps a data collection. It is already available online for the public, though the company required users to be careful of bogus emails.
Hudson Rock raised concerns about the alleged leaks. The firm believes the situation made Twitter’s findings doubtful. Alon Gal, the co-founder of the cyber-intelligence firm, urges security researchers to thoroughly scrutinize the matter of leaked data and exclude Twitter’s data conclusion as an enhancement that it did not create from its servers.
Twitter’s Bug Bounty Scheme
The lead regulator of the Irish Data Protection Commission announced in the European Union that it investigated a data leak related to 5.4 million accounts. Twitter reportedly matched data exposed by a security error in the system update in 2021.
According to MenaEntrepreneur, Twitter confirmed that the error meant if a user got a phone number or an email address, the company could use the faulty system to identify any Twitter accounts connected to them. The firm investigated and rectified the error using a bug bounty scheme after it got a warning in January last year. The said scheme aims to reward those researchers who notify it of security issues.
Hacker Forum Squeezing
Hudson Rock said Ryushi – the hacker, attempted to extract Twitter through a menace of a more significant leak. He claimed to have hacked countless phone numbers and emails associated with over 400 million user accounts. The hacker said he would like to sell the leaked data exclusively to Twitter.
The error in Twitter’s systems was how the hacker claimed to have hacked the emails and phone numbers. Given the threatened extortion reports, the PDC announced it would investigate how Twitter complies with data protection regulations about that security issue. The media reported different individual leaking emails of 200 million Twitter user accounts. They made the hacked data available for anyone willing to obtain it for a small amount.
However, Twitter said these are not different datasets, with duplicated information deleted in the small leak. It again denied that the hacker obtained the data through a flaw in its systems. The company said no evidence has proved that data hacker obtained data by exploiting a flaw in Twitter systems and has put it for sale.
The leaked information is perhaps a data collection already available online for the public through various sources. Twitter did not confirm whether or not the email addresses were genuine. And if so, how the hacker obtained them? Some tech sites checked some email addresses hacked by two individuals and found them real.
Twitter also advised its users to remain extra careful and vigilant about their private data. It said the company could utilize the leaked data to make excessively effective bogus phishing emails. The social media giant has also conveyed its conclusions to the relevant data protection authorities.