Security News > 2020 > February > Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts.

According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved in their contacts with twitter accounts.

To be noted, the feature worked precisely as intended, except someone was not supposed to upload millions of randomly generated phone numbers and abuse Twitter to reveal profiles associated with the contact information users added to Twitter for enabling security features.

The company became aware of the issue on December 24 last year after a security researcher 'unethically' exploited a similar, or the same, loophole in Twitter to successfully match nearly 17 million phone numbers to their profiles.

If you're unaware, you can also stop anyone from finding your profile based on your email address or phone number by navigating to the 'Discoverability' setting in your Twitter account and disable it.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/mYW67OUDbrQ/find-twitter-phone-number.html