Twitter has denied that emails alleged to be linked to millions of its users’ accounts were obtained using a hack.
In its first statement on the matter, it wrote “there is no evidence” the data came from a flaw in its systems.
The records were instead probably a collection of data “already publicly available online”, although it urged users to be wary of bogus emails.
The firm which raised the alarm about the alleged leaks, Hudson Rock, said it disputed Twitter’s findings.
Alon Gal, the cyber-crime intelligence company’s co-founder, said: “I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter’s conclusion of the data being an enrichment of some sort which did not originate from their own servers
Last week, a different individual leaked what they said were emails linked to 200 million user accounts, and made them available for anyone to download for a small fee.
Twitter says both datasets are the same, but with duplicated data removed in the smaller leak, and that neither came from using the flaw.
“Based on information and intel analysed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems,” the company said.
“The data is likely a collection of data already publicly available online through different sources.”
Twitter did not say whether the email addresses are genuine or if they were correctly matched with user accounts, and, if so, how that was accomplished.
News site Bleeping Computer had earlier reported that it had checked a number of the email addresses and found they were real.
Twitter warned users to “remain extra vigilant” and said the leaked information could be used to create “very effective” bogus phishing emails.
The social media giant added that it has communicated its findings to the relevant data protection authorities