Twitter says the list of usernames and passwords posted online by the hackers was not obtained by exploiting vulnerabilities in the social media site’s security systems.
The company said it was conducting an investigation following reports that a database showing the account details of more than 200 million Twitter users was posted online earlier this month.
According to reports by security researchers and others, the usernames and email addresses in the leak were compiled from several previous Twitter breaches dating back to a bug in Twitter systems that was created in 2021 and fixed in early 2022.
The bug meant that anyone who submits an email address or phone number to their Twitter system would be told which account, if any, those details were linked – a flaw that Twitter confirmed was exploited by hackers last summer.
However, Twitter says its investigation into this latest dataset found that the information in the database “could not be correlated with the previously reported incident or any data resulting from the exploit of Twitter systems.”
“Therefore, based on the information and intelligence analyzed to investigate the matter, there is no evidence that data sold online was obtained by exploiting a vulnerability in Twitter systems,” the company said.
“The data is probably a collection of data that is already publicly available online through different sources.”
Twitter has joined cybersecurity experts to urge users to protect their accounts by ensuring they use a strong password and two-factor authentication to prevent unauthorized logins.
“We also encourage Twitter users to be extra vigilant when receiving any communication over email, as threat actors can use the leaked information to create very effective phishing campaigns.
“Be wary of urgency emails and emails requesting your private information, always double-check if emails come from a legitimate Twitter source.”
In recent weeks, the Twitter accounts of two Cabinet ministers have been hacked.
The latest incident comes as the social media giant continues to face questions about its overall security and broader future, led by Elon Musk, who completed its takeover of the platform in October.
While the bug linked to these data leaks surfaced long before Mr Musk took over, many experts have expressed concerns about whether the platform will remain so secure with the number of staff currently leaving Twitter and its significantly reduced staff.
Culture Minister Michelle Donelan said the “jury is out” about Musk’s leadership, which allowed Twitter to allow banned accounts, including Donald Trump’s, to return to the site and relax its content moderation rules.
“Let’s take a look at it for a moment,” he told The News Agents podcast.
“But it’s not going in the right direction. But its impact is limited. So let’s see.”
Late last year, Mr. Musk pledged to step down as Twitter CEO after users voted to resign in an online poll.
However, the billionaire didn’t give any time frame for this move, only saying he would hand over the day-to-day running of the site once he finds someone “stupid enough” to take on the role.