im very suspicious of the "twitter api leak" for a number of reasons, refraining from sharing it for now as we look into it a bit more, things dont really add up to me and it looks like perfect bait to stir up the pot and later make fun of people for believing it
this data being on okta infrastructure and on such a completely random url makes little to no sense with how both twitter and okta work, the url in the screenshot currently returns a 404 and has not been archived anywhere
the word list (which almost entirely consists of racial slurs) and list of users (which somehow contains the russian MFA) just seems prefectly tailored to "triggering the left" and would make little to no sense to be implemented in a config file like this
a feature like this (requiring manual moderation on an account) exists and has been known to exist, but it is only accessible on internal tooling and is a database flag on accounts, not a list. a big use for this feature is most likely LEA preservation requests.
it wouldnt make sense for them to have a second exclusion list like this, and much less for it to be formated as javascript code (not even as json) given this would be used in the twitter backend, which is not written in javascript
as of right now i consider the info to be disinformation and given there does not appear to be a verifiable archive of the URL the data is claimed to be from i do not consider this information to be verifiable without comment from twitter
ofc both the original "leak" and my thread are mostly speculation, but i consider the burden of proof for such a massive claim to be on the side making such a claim. the way in which this was published (via screenshots passed around in unknown ways) is unprofessional either way
i will update this thread if i get any more information and ask people not to engage in further speculation that add to the fog of war making it even harder to get real information about this
minor correction: the file in the screenshot is not js but some generic configuration file format that vaguely looks like the ini or yaml format. if anything this makes even less sense.
https://x.com/awawawhoami/status/1816227440038949003
a former twitter employee essentially confirms what i said earlier about twitter moderation tools and that okta was only ever used for sso, this could have changed in the mean time ofc
https://x.com/hipsterelectron/status/1816229105769279707
if you have any additional information on this incident you can either DM me on here or securely contact me on signal (at nyancrimew.01)
i have received some additional information (including an uncensored version of the discord screenshot), i am still very much on the fence about believing this to be real but the person who originally posted the message on discord is apparently working with journalists now
i would suggest to wait and see but it might turn out to be real after all, still hard to say with the information i have for now, i will wait on the journalists who have been directly provided with this data. the story i have now doesnt seem entirely unlikely anymore.
since they publicly talked about it i can confirm that the discord screenshot is of the vxunderground server, vxug currently says they have no way to verify if the data was forged or not.
https://x.com/vxunderground/status/1816221892795326534
also just for context: theantifaturtle is not the original poster of the discord screenshot, the original poster of it, as well as reposters, have not been suspended as of now.
to be clear based on the info i have my gut feeling still is that this is fake and that a vxug member accidentally laundered the misinfo without trying to reproduce it beforehand. resharing untrusted source info like this is dangerous and leads to shit exactly like this.
highly suggest @vxunderground to retract the info, none of the private details i have about how this info was apparently accessed makes sense either.
@cryptogram44 @vxunderground i also have some inside info on how the data was allegedly obtained and it makes it make even less sense so who knows
vxunderground has now released statement making it clear they were never able to verify the information either and the message in the screenshot was them sharing it internally to verify it, horrible way to phrase unverified info as an "upcoming shitstorm"
https://x.com/vxunderground/status/1816298322077901262
this proper statement + all the other technical information i have since been given from other former twitter employees and people in the industry, to me, confirm this was disinfo and not real
to be clear, twitter HAS protection features like this, and they are applied at least to LibsOfTiktok, and we have known about this for years now both from various verified twitter leaks as well as from hackers in the og and com scene selling this protection
but these features work entirely differently, as flags on a users profile in the database, requiring manual moderation actions, not only would a second implementation like this make no sense, the list of protected accounts is also most likely way longer
especially due to the sale of protection (for around $5k as far as im aware) on the black market, resulting in random hackers and scammers having this flag applied to their accounts as well, at least for a while (it is unclear how well twitter cuts back on fraudulent protection)
okta also confirms the URL in the "leak" doesn't exist and never has
https://x.com/benedictgarman/status/1816477603705872783
my co-writer and editor @RhinozzCode has now talked to smelly_vx (founder of @vxunderground), who sent the discord message in the widely spread screenshot. this whole story is a great example of how misinfo is created and spread even in expert spaces
https://x.com/RhinozzCode/status/1816542571650585036
@RhinozzCode @vxunderground end of thread, stay vigilant <3
follow me and read my blog for cool data leak based investigative journalism and bad jokes
maia.crimew.gay/posts/
follow me and read my blog for cool data leak based investigative journalism and bad jokes
maia.crimew.gay/posts/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
