Twitter Says That Stolen Data From Them Isn’t From Them

  • January 12, 2023
Infosec

If you have given up on following news about Twitter, I don’t blame you, but there as been a batch of ~400 million user records being sold online and marketed as coming from breaching Twitter’s systems.

Today Twitter is saying that there was “no evidence” of that data coming from Twitter’s systems.

After a comprehensive investigation, our Incident Response and Privacy and Data Protection teams concluded that:

  • 5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.
  • 400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.
  • 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems.
  • Both datasets were the same, though the second one had the duplicated entries removed.
  • None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.

Therefore, based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems.

There are two problems with this kind of statement:

  1. “No evidence” doesn’t mean it didn’t happen.
  2. How can anyone reasonably trust Twitter with this evaluation?

Whether you like Elon Musk or not, he’s all over the place, going down rabbit holes of conspiracy theories, and has gutted Twitter of talent, either directly or indirectly, especially in areas such as security. Even the rapidly shrinking group of people who still think Elon is a genius would have to take a deep breath and a LONG pause before believing a report like this because of the repetitional damage he has caused to Twitter and his own brand.

Trust matters a lot with these kinds of reports, and Twitter has none.

Related Posts

Thoughts on Apple Bloggers and Vision Pro Coverage

I posted this on Mastodon, but I figured I would cross-post it here as well. I wonder if we’re headed for a weird place with the #Apple Blogosphere (AKA the Apple Blog Mafia). All of the main players are talking about Vision Pro all the time and saying things like “I lose track of time in here!

Read more

The Simple Pleasures of a Mobile Office Whiteboard

I’ve built a lot of stuff for my home office over the last few years of working from home, but my current favorite is something so simple: A custom rolling whiteboard A couple of weeks ago I gave myself a Saturday challenge to take my existing old whiteboard and build a rolling stand for it only with materials I had in my workshop.

Read more

I Made Myself a JARVIS Over the Weekend

With some spare parts, a USB speakerphone, and my Home Assistant server, I was able to make a competent JARVIS for my home office over the weekend…and the exciting part is that it’s only going to keep getting better! Last year was the “Year of Voice” for Home Assistant, the open source home automation platform, and the team accomplished a ton of work that enables Home Assistant users to make their own voice assistants.

Read more