Twitter Bug Exposes Phone Numbers Of 17 Million Users

A bug in Twitter’s Android app has allowed a security researcher to match 17 million phone numbers to Twitter user accounts. Ibrahim Balic told TechCrunch that he found it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. He said, “If you upload your phone number, it fetches user data in return.”

 

Over two months, Balic says he was able to match records from users in Israel, Turkey, Iran, Greece, Armenia, France and Germany. He had to stop after Twitter blocked the flaw on 20th December 2019.

He mentioned that Twitter’s contact upload feature doesn’t accept lists of phone numbers in a sequential format, probably to prevent this kind of matching. Instead, he generated more than two billion phone numbers, one after the other, then randomised the numbers, and uploaded them to Twitter through the Android app. Balic said the bug did not exist in the web-based upload feature.
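The paragraph above describes a sequential-format check that stopped working once the list was randomised. The following sketch, an added example and not Twitter's code, contrasts an order-dependent check with an order-independent one that a contact-upload endpoint could apply. The function names, thresholds and sample numbers are assumptions constructed for illustration; the page does not describe how Twitter's check worked.

```python
import random

def digits(number: str) -> int:
    """Reduce a phone number string to an integer (drops '+', spaces, dashes)."""
    return int("".join(ch for ch in number if ch.isdigit()))

def in_order_sequential(batch, min_run=5):
    """Order-dependent check: flags only an ascending run of +1 steps as uploaded."""
    run = 1
    for prev, cur in zip(batch, batch[1:]):
        run = run + 1 if digits(cur) - digits(prev) == 1 else 1
        if run >= min_run:
            return True
    return False

def adjacent_density(batch):
    """Order-independent: share of sorted, de-duplicated neighbours that differ by 1."""
    values = sorted({digits(n) for n in batch})
    if len(values) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return hits / (len(values) - 1)

def looks_enumerated(batch, min_size=50, threshold=0.5):
    """Flag large uploads whose numbers form a dense block, whatever the upload order.

    min_size and threshold are assumed values; tune them against real address books.
    """
    return len(batch) >= min_size and adjacent_density(batch) >= threshold

def constructed_samples(seed=7):
    """Constructed test data: a generated block, the same block shuffled, and
    scattered numbers standing in for a genuine address book."""
    rng = random.Random(seed)
    base = 15555550000  # fictional 555 range, constructed
    generated = [f"+{base + i}" for i in range(200)]
    shuffled = generated[:]
    rng.shuffle(shuffled)
    organic = [f"+1{rng.randrange(2000000000, 9999999999)}" for _ in range(200)]
    return generated, shuffled, organic

if __name__ == "__main__":
    generated, shuffled, organic = constructed_samples()
    for name, batch in (("generated", generated), ("shuffled", shuffled), ("organic", organic)):
        print(name, in_order_sequential(batch), looks_enumerated(batch))
```

The density check is one signal; it belongs alongside per-account limits on upload volume and on how many matches a single account can retrieve.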

Balic did not alert Twitter about the flaw. However, he took many of the phone numbers of high-profile Twitter users, including politicians and officials, to a WhatsApp group in an effort to warn users directly.

 

Twitter Working To Ensure The Bug Cannot Be Exploited Again

Twitter confirmed in a blog post that a bug could have allowed “a bad actor to see nonpublic account information or to control your account,” such as tweets, direct messages, and location information.

A Twitter spokesperson told TechCrunch the company was working to “ensure this bug cannot be exploited again.”

“Upon learning of this bug, we suspended the accounts used to inappropriately access people’s personal information. Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on rapidly stopping spam and abuse originating from the use of Twitter’s APIs,” the spokesperson said.

 
