Twitter: Security breach allowed 17 million phone numbers to match user accounts

A security researcher named Ibrahim Balic told TechCrunch he found a security flaw in the Twitter app on Android. This loophole, which he exploited, allowed him to associate 17 million phone numbers with user accounts, TechCrunch reported on Tuesday, December 24, 2019.

According to Ibrahim Balic, it was possible to download entire lists of phone numbers generated from Twitter's contact download feature. He even states that "if you upload your phone number, Twitter gives you user data in return."

For two months, Balic claims, he was able to match phone numbers with user accounts in Israel, Turkey, Iran, Greece, Armenia, France and Germany, until Twitter finally shut down his activity on Friday, December 20, 2019.

The researcher was able to identify 17 million user accounts

Apparently, Twitter's contact download feature does not accept lists of phone numbers in sequential format. According to the researcher, this is probably a measure the social network put in place to prevent this type of matching.

Even so, when the researcher tweeted lists of over two billion randomly generated phone numbers, he was able to find out the identity of 17 million accounts, because those 17 million phone numbers did exist.

Twitter is exposed to several security holes these days

The researcher had also provided a sample of phone numbers to TechCrunch. In particular, the site was able to identify an Israeli politician using his phone number.

However, Balic did not alert Twitter to the existence of the vulnerability. Instead, he reported many phone numbers of influential Twitter users, such as politicians and government officials, to a WhatsApp group to directly notify users.

This case comes alongside another recent Twitter security flaw, about which the social network said in a blog post that a bug allowed "a bad actor to see non-public account information or to control your account". Nonetheless, a Twitter spokesperson told TechCrunch that the social network is working to "ensure this bug can no longer be exploited."