Twitter said Wednesday that its systems are not to blame for banks of its users’ data reportedly being offered for sale online.
Following media reports of people selling Twitter users’ data, the social media company said in a blog post that it conducted an investigation and found no evidence that the data was obtained via a flaw in Twitter’s security systems.
“Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems,” the company said on its blog. “The data is likely a collection of data already publicly available online through different sources.”
Claims about data leaks at Twitter in 2022 attracted widespread attention, including from regulators and reporters.
A database containing email addresses for more than 200 million users appeared for sale in a hacker forum, according to reports last week.
Tech publication Bleeping Computer said last month that more than 400 million Twitter users’ data was allegedly contained in a database belonging to “Ryushi,” the apparent alias of the entity claiming to have obtained the confidential information.
Ryushi told the publication it wanted to sell the data to a single person or back to Twitter itself. Ryushi sought a $200,000 payday and pledged to delete the account information after its sale.
Twitter said none of the datasets it reviewed contained passwords or information that would lead to passwords being compromised.
“While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorized logins,” the company said.
In December, Ireland’s regulators began digging into the potential data leaks that hackers had said exposed millions of people’s data online.
Twitter said Wednesday that it was in contact with relevant regulators from different countries about the claims and planned to continue working with the government officials.