Twitter admits to raid on users’ phone numbers
2020-02-05 11:20

December's story of the researcher who tricked Twitter's Android app into matching random phone numbers to 17 million user accounts just took a turn for the worse.

The flaw related to Twitter's contact upload feature, by which users upload their contact book to enable them to connect to other Twitter users whose email or phone number matches the data.

The only limitations were that it worked only in the Android app, and only for Twitter users who had both added their phone numbers to the service and turned on the 'Let people who have your phone number find you on Twitter' option.

By the time Twitter suspended the researcher's access on 20 December 2019, he'd claimed to have uncovered the numbers of millions of Twitter users in Israel, Turkey, Iran, Greece, Armenia, France and Germany, including one independently confirmed to belong to a senior Israeli politician.

Users can check whether they've entered their phone number into Twitter.


News URL

https://nakedsecurity.sophos.com/2020/02/05/twitter-admits-to-raid-on-users-phone-numbers/

Related vendor

Vendor: Twitter
Products: 5
Vulnerabilities, last 12 months: Low 0, Medium 6, High 2, Critical 0, Total 8