Twitter says it's blameless for data leak of 200M users — why we're skeptical

Twitter
(Image credit: Snappa)

Following reports that hackers reportedly compromised 200 million Twitter users' data, Twitter finally chirped up about the incident in a Jan. 11 blog post. In short, the social media giant acknowledged the recent media reports, but said, "there's no evidence that [they were] obtained by exploiting a vulnerability of Twitter systems."

Twitter also added that none of the datasets analyzed featured users' passwords or any other information that could lead to users' passwords being compromised. However, we can't help feel skeptical about Twitter's response.

Twitter claims that data breach sold online is from a 'different source'

In early January, news broke that hackers stole information from over 200 million Twitter users and exposed them on an online forum. According to CNN, the data featured in the breach included email addresses, Twitter users' names, account handles, follower numbers, and the dates the accounts were created.

Alan Gal, co-founder of Hudson Rock (an Israel-based security firm), claims to be the first to publicly call out Twitter about the leak.

"This database contains 235,000,000 unique records of Twitter users and their email addresses, and will unfortunately lead to a lot of hacking, targeting phishing, and doxxing," Gal said last week via LinkedIn. (opens in new tab) "This is one of the most significant leaks I've seen."

Twitter, however, is seemingly minimizing its involvement in the data breach, claiming that it has "conducted a thorough investigation," because, y'know, self-investigative reports regarding one's misconducts have always been a reliable measure of innocence. Its findings? Well, as mentioned, Twitter says that there's no evidence that the data discovered online was obtained by hackers exploiting a security hole in its system.

"The data is likely a collection of data already publicly available online through different sources," Twitter concluded.

See more

Gal isn't buying it. In a recent LinkedIn post (opens in new tab), he said that he has discussed the data breach with other security professionals and still believes that his initial assessment of the matter still holds water (i.e., the data was leaked from a Twitter database).

"... [T]he authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments," Gal said.

It's possible that Twitter may be correct, but I'm less inclined to believe any self-investigative report. As more reports about the data leak trickle in, perhaps we'll get more clarity on the matter.

If you want to know if your account is one of the 200M records scraped from Twitter, check out HaveIBeenPwned.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!