“State-sponsored” hackers tried to access Twitter users’ phone numbers

Prashasti Awasthi Mumbai | Updated on February 04, 2020 Published on February 04, 2020

Vulnerability now resolved, says Twitter

Twitter, in a public statement released on February 3, stated that “possible state-sponsored actors” had attempted to access Twitter users’ phone numbers.

The investigation revealed that the hackers tried to exploit Twitter’s API by taking advantage of a vulnerability in the company’s “contacts upload” feature.

Twitter disclosed that it had identified a “high volume of requests” to use the feature coming from IP addresses in Iran, Israel, and Malaysia.

In a blog post, the microblogging site said that in December last year, fake accounts had attempted to exploit the API to match usernames to phone numbers.

Twitter’s statement came a day after Tesla CEO Elon Musk, in a series of tweets, slammed the social-networking site for the rise in trolling networks and scams via fake bots on Twitter and Google.

Problem resolved

During the investigation, the social media site found that the fake accounts had been exploiting the API endpoint beyond its intended use case. When used as intended, this endpoint made it easier for new account holders to search for people they already know on the site.

The endpoint matched phone numbers to Twitter accounts for those users who had enabled the “Let people who have your phone number find you on Twitter” option. Users who had not enabled this setting, or had not provided their phone numbers to Twitter, were not exposed by this vulnerability.

Twitter assured its users that the identified fake accounts were tracked and suspended.
