If you’re a frequenter of BreachForums (and who isn’t), you may have noticed a massive trove of leaked email addresses – over 200 million – which the poster claims was harvested via a fault in Twitter’s software. The flaw has since been fixed, according to experts.
“Wasn’t me”
Well, what if that didn’t happen? Not the leak. We can be quite sure that users’ information is out there. But the fact that it was Twitter’s own fault. In a blog post discussing the leak, the social media platform said “there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems.”
It claimed that the information posted last week Wednesday to BreachForums doesn’t match up with any data that was previously exposed. It went on to say that the data was likely collected through sources where the information is publicly available. That’s… strangely scary.
Read More: Political advertising on Twitter: Say hello to free speech (with a price tag attached)
It went on to say that none of the data its Incident Response and Privacy and Data Protection teams found no leaked passwords or any other information that could lead to passwords being leaked. No credit card info or addresses were included in the leak either. Whew.
Of course, all of Twitter’s comments need to be taken with a rock-sized grain of salt. The platform is under a massive microscope at the moment. Distancing itself from something as unpleasant as a data breach would be solid tactics no matter how the leaked info was acquired. Twitter said it would continue investigating the breach, cooperating with the Data Protection Authorities and “other relevant regulators to provide clarification about the alleged incidents”.