Twitter Flaw Exposes 17 Million Phone Numbers Along With Connected User Accounts
KEY POINTS
- The flaw exposed millions of phone numbers
- Accounts exposed include high-profile politicians
- Twitter has shared location data previously due to a bug
Twitter is in the limelight again, this time over another security issue. A researcher has found a bug in the platform that let him access around 17 million phone numbers and the Twitter accounts connected to them.
Security researcher Ibrahim Balic found the bug and has also informed Twitter of the issue.
Balic told TechCrunch that he had to work around the fact that the platform does not allow phone numbers to be uploaded as a sequential list: he simply generated random phone numbers and matched them against existing Twitter accounts to see which number belonged to which account.
Among the millions of accounts accessed, Balic also found that some accounts belonged to high-profile politicians and officials from countries such as France, Greece, and Turkey. TechCrunch even found a senior Israeli politician among the exposed accounts. Balic started warning Twitter users but didn’t reach out to Twitter directly.
However, the platform did find out what Balic was doing and blocked him on Dec. 20. The company’s spokesperson, Aly Pavela, reached out to Engadget with a comment on the issue.
"We take these reports seriously and are actively investigating to ensure this bug can't be exploited again. When we learned about this bug, we suspended the accounts used to inappropriately access people's personal information. Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on rapidly stopping spam and abuse originating from the use of Twitter's APIs," he stated.
Twitter has been in hunting mode, taking down many fake and propaganda accounts in the past two months. The company did not take kindly to Balic’s research, but it has publicly acknowledged the bug.
As a part of his research, Balic also created hundreds of fake accounts and ran around 50 active Android sessions each.
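As an added illustration (not code from the article or from Twitter), this is the kind of abuse-detection check a platform could run over its own contact-upload logs: a genuine address-book sync matches a large share of the numbers it sends, whereas random-number enumeration sends huge volumes with a tiny match rate, spread across many sessions. The event format, sample data and thresholds are assumptions.

```python
"""Flag accounts whose contact-upload pattern looks like phone-number enumeration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class UploadEvent:
    account: str
    session: str
    uploaded: int   # phone numbers sent in this contact-upload request
    matched: int    # numbers that resolved to an existing account


# Constructed sample log: one user syncing a real address book, and one account
# spraying random numbers from 50 parallel sessions (hypothetical data).
SAMPLE_EVENTS = [
    UploadEvent("user_normal", "android-1", 180, 95),
    UploadEvent("user_normal", "android-1", 20, 11),
] + [UploadEvent("user_enum", f"android-{i}", 1000, 6) for i in range(50)]


def flag_enumerators(events, min_uploaded=5000, max_match_rate=0.05, min_sessions=10):
    """Return {account: stats} for accounts that upload a lot of numbers and
    either match almost none of them or do so from many sessions at once."""
    stats = defaultdict(lambda: {"uploaded": 0, "matched": 0, "sessions": set()})
    for e in events:
        s = stats[e.account]
        s["uploaded"] += e.uploaded
        s["matched"] += e.matched
        s["sessions"].add(e.session)

    flagged = {}
    for acct, s in stats.items():
        rate = s["matched"] / s["uploaded"] if s["uploaded"] else 0.0
        high_volume = s["uploaded"] >= min_uploaded
        suspicious = rate <= max_match_rate or len(s["sessions"]) >= min_sessions
        if high_volume and suspicious:
            flagged[acct] = {
                "uploaded": s["uploaded"],
                "match_rate": round(rate, 4),
                "sessions": len(s["sessions"]),
            }
    return flagged


if __name__ == "__main__":
    for acct, info in flag_enumerators(SAMPLE_EVENTS).items():
        print(f"{acct}: {info}")
```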
© Copyright IBTimes 2024. All rights reserved.