Twitter says it has not been hacked from its systems, but that 200M of its users’ data was leaked to Twitter

Twitter has finally responded to reports that an email database containing hundreds of million of Twitter users had been leaked. It said that no evidence was found that the data was obtained through a security hole in its system.

According to .

The company in August that there was a which affected 5.4 million Twitter users. This occurred because threat actors had exploited a January 2022 vulnerability.

The attackers were able to use this flaw to link phone numbers and email addresses to Twitter accounts.

Twitter today stated that it was unsuccessful in obtaining another dataset that contained emails linked to more than 200 million Twitter users . This data, which included addresses and links to these people, had been leaked earlier in the month.

Twitter stated that “[The] 200,000,000 dataset cannot be correlated to the previously reported incident” or data originating in an exploitation Twitter systems.

“All the data analyzed did not contain passwords, or any information that could be used to compromise passwords.”

Recently, we were made aware that Twitter users’ data had been sold online. We did a thorough investigation and found no evidence to support the claim that these data were derived from our system’s exploitation. Read more here:

Twitter Support (@TwitterSupport).

According to the company, “based upon information and intelligence analyzed to investigate this issue, there are no indications that data being sold online was obtained through an exploit of a vulnerability in Twitter systems.” It is possible that the data comes from a group of previously publicly accessible data, which was likely to be available through other sources.

Twitter did not explain today how Twitter’s leaked data was linked to the email addresses of users associated with their accounts.

Twitter stated that they are currently in touch with Data Protection Authorities in several countries and other data regulatory bodies to give additional information about the “alleged incidents.”

The Irish Data Protection Commission (DPC), in December 2022, announced it had launched an inquiry into the GDPR compliance issue. This was following reports of personal data being leaked to the internet by 5.4 million users on Twitter.

In December 2020 ($550,000), the DPC penalty on Twitter for failing to inform the watchdog within the required 72 hours under EU’s General Data Protection Regulation.