Twitter Says That Stolen Data From Them Isn’t From Them
If you have given up on following news about Twitter, I don’t blame you, but there as been a batch of ~400 million user records being sold online and marketed as coming from breaching Twitter’s systems.
Today Twitter is saying that there was “no evidence” of that data coming from Twitter’s systems.
After a comprehensive investigation, our Incident Response and Privacy and Data Protection teams concluded that:
- 5.4 million user accounts reported in November were found to be the same as those exposed in August 2022.
- 400 million instances of user data in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident.
- 200 million dataset could not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems.
- Both datasets were the same, though the second one had the duplicated entries removed.
- None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.
Therefore, based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems.
There are two problems with this kind of statement:
- “No evidence” doesn’t mean it didn’t happen.
- How can anyone reasonably trust Twitter with this evaluation?
Whether you like Elon Musk or not, he’s all over the place, going down rabbit holes of conspiracy theories, and has gutted Twitter of talent, either directly or indirectly, especially in areas such as security. Even the rapidly shrinking group of people who still think Elon is a genius would have to take a deep breath and a LONG pause before believing a report like this because of the repetitional damage he has caused to Twitter and his own brand.
Trust matters a lot with these kinds of reports, and Twitter has none.
Related Posts
A Decade of Clojure at Studio71
What is Clojure and why did it fit for Studio71? Clojure is a programming language (a dialect of Lisp) that excels at concurrency and data processing. Clojure runs on top of Java so it’s runs in all of the places Java runs and can use all of the Java libraries already out there (hello, Google and AWS libraries!
Read moreThe macOS Privacy Settings Deleted My Backups
The other day I logged in to my NAS to find that all of my backed up media files were gone. No errors, the drives were fine, the directory was there, but the files were gone. Thankfully it wasn’t a freak out moment as I had my originals and my other backups, but it was a mystery.
Read moreBuilding a Mastodon Client in to my Cyberpunk SSH App
Let me quickly get you up to speed: I wanted to build a website for my hacker projects, but instead of a website I ended up building an SSH app (because I’m weird). Basically, instead of visiting it in your web browser you have to open your terminal, run an SSH command, and then you use text commands to play with the application, read about my projects, etc.
Read more