Twitter asserted that there was no recent data breach and that the email addresses being sold were from publicly available data from multiple avenues.
Speculations over Twitter's involvement arose due to the system vulnerability discovered via a bug bounty program in August 2021 in which submitting email addresses reveal any specific Twitter account they're linked to.
Twitter explained that “there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems."
Hackers stole email addresses of 200+ million Twitter users & posted them on an online hacking forum. Twitter has not commented on the report, nor responded to inquiries about the breach. It’s unclear what they are doing to investigate/remediate the issue. https://t.co/B9wuagcaCQ— Andrew Kimmel (@andrewkimmel) January 6, 2023
The issue arose from reports in December claiming that 400 million Twitter data are still accessible because of the bug and the additional 200 million data leaked in an online hacking forum.