Twitter says no evidence user data leaks were obtained via bug

Twitter Inc said on Wednesday that there was no evidence that data recently being sold online was obtained by exploiting a vulnerability in the company's systems.

Twitter said the data of 5.4 million of the accounts had been compromised by a bug it discovered early last year, which it previously fixed and disclosed over the summer.

Another 600 million pieces of user data "could not be correlated with the previously reported incident, nor with any new incident," Twitter said in a blog post.

"There is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems. The data is likely a collection of data already publicly available online through different sources," it said.

The social media company told users in August last year that a system vulnerability revealed Twitter accounts of users by submitting their email address or phone number, after the company learnt about it through a bug bounty program months earlier.

In December, media reports claimed that someone could gain access to over 400 million Twitter-associated user emails and phone numbers, and that the data had been exposed through the same vulnerability discovered in January 2022.