12 January 2023

Twitter says no evidence that leaked user data was obtained via bug in its systems



Social media giant Twitter said it found no evidence that the recent data leaks allegedly containing phone numbers and email addresses of millions of Twitter users were a result of hackers exploiting a vulnerability in its platform.

“In response to recent media reports of Twitter users' data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems,” the company said in a statement.

In November 2022, more than 5.4 million Twitter user records containing data obtained via an API vulnerability fixed in January 2022 were leaked for free on a cybercriminal forum. A month later, a threat actor posted an announcement on a hacker forum claiming to have obtained the data of 400 million Twitter users and offering it for sale. The seller claimed the data was scraped through a now-patched vulnerability and includes emails and phone numbers of celebrities, politicians, companies, users, and a lot of OG and special usernames.

In January 2023, a similar attempt to sell data from 200 million Twitter accounts was reported in the media. The leak contained information such as name, username, email address, follower count, and creation date.

After an investigation, the Twitter security team concluded that the data leaks reported in November and December 2022 and January 2023 were not a result of a new security breach, but rather “the data is likely a collection of data already publicly available online through different sources.”

