When the news started circulating a few nights ago that Twitter had been hacked and over 55,000 logins had been dumped on the Internet, I looked at the five pastes comprising the data dump. The data didn’t look right to me, and as I told a colleague on DataLossDB, I was going to hold off on adding the incident.
Not surprising to me, Twitter quickly issued a statement and noted that a significant percentage of the logins were duplicates and many of accounts looked like spam accounts that had already been terminated by Twitter. They said they were continuing to investigate. And I continued to hold off on treating this as an incident in the database.
Today Jay Alabaster reports:
None of the recently leaked Twitter logins and passwords came from within the company, according to a message posted on Twitter’s Japanese blog Thursday.
“We have confirmed that no one’s information has been leaked from Twitter,” the blog said, after apologizing to users for their concerns.
[…]
In its Japanese blog posting, Twitter said that account information had likely been leaked from a different site, and it had sent password reset requests to users on the list.
Read more on Computerworld while I congratulate myself on not spending time researching the hack that wasn’t.