Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits
2020-02-04 07:01

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization.

That is the same day that security researcher Ibrahim Balic revealed he had managed to match 17 million phone numbers to Twitter accounts by uploading a list of two billion automatically generated phone numbers to Twitter's contact upload feature and matching them to usernames.

The feature is supposed to be used by tweeters seeking their friends on Twitter, by uploading their phone's address book.

Twitter seemingly did not fully limit requests to its API, deciding that preventing sequential numbers from being uploaded was sufficiently secure.

It's worth noting that users who did not add their phone number to their Twitter account, or did not allow it to be discovered via the API, were not affected.
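The gap between a sequential-number check and a real request limit, shown from the defender's side as an added example (not code from the article or from Twitter). The function and class names, the 24-hour window, the 5,000-number cap and the sample numbers are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 3600       # assumed budget window
MAX_NUMBERS_PER_WINDOW = 5000    # assumed cap, well above a real address book

def looks_sequential(numbers, min_run=20):
    """Narrow check: True if the upload contains a run of consecutive numbers."""
    run = 1
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur - prev == 1 else 1
        if run >= min_run:
            return True
    return False

class ContactLookupBudget:
    """Sliding-window cap on how many numbers one account may look up."""

    def __init__(self, limit=MAX_NUMBERS_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)    # account -> deque of (time, count)

    def allow(self, account, numbers, now):
        events = self._events[account]
        while events and now - events[0][0] >= self.window:
            events.popleft()                 # forget uploads older than the window
        used = sum(count for _, count in events)
        requested = len(set(numbers))        # duplicates in one upload count once
        if used + requested > self.limit:
            return False                     # over budget: reject, log, alert
        events.append((now, requested))
        return True

# Constructed sample uploads (made-up numbers, not real subscribers).
ADDRESS_BOOK = [15550100000 + 37 * i for i in range(300)]
BULK_UPLOAD = [15550000000 + (7919 * i) % 1_000_000 for i in range(20_000)]

if __name__ == "__main__":
    budget = ContactLookupBudget()
    print("address book allowed:", budget.allow("user-a", ADDRESS_BOOK, now=0))
    print("bulk upload flagged as sequential:", looks_sequential(BULK_UPLOAD))
    print("bulk upload allowed:", budget.allow("user-b", BULK_UPLOAD, now=0))
```

The budget is keyed on the account and on volume over time, so it holds whatever order the numbers arrive in and however the upload is split into smaller requests.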


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/04/twitter_phone_numbers/

Related vendor

VENDOR | #/PRODUCTS | LAST 12M: LOW | LAST 12M: MEDIUM | LAST 12M: HIGH | LAST 12M: CRITICAL | TOTAL VULNS
Twitter | 5 | 0 | 6 | 2 | 0 | 8