Comments
Twitter, in a public statement released on February 3, stated that “possible state-sponsored actors” had attempted to access Twitter users’ phone numbers.
The investigation revealed that the hackers tried to exploit Twitter’s API and took advantage of the vulnerability in the company’s “contacts upload” feature.
Twitter disclosed that it had identified a “high volume of requests” to use the feature coming from IP addresses in Iran, Israel, and Malaysia.
In a blog post, the microblogging site mentioned that, last year in December, the fake accounts intended to exploit API and match usernames to phone numbers.
Twitter’s statement came a day after Tesla CEO Elon Musk slammed the social-networking site for the rise in trolling networks and scams via fake bots on Twitter and Google, in a series of tweets.
Problem resolved
During the investigation, the social media site found that the fake accounts had been exploiting the API endpoint beyond its intended use case. When used as intended, this endpoint made it easier for new account holders to search for people they already know on the site.
The endpoint matched phone numbers to Twitter accounts for those users who had enabled the “Let people who have your phone number find you on Twitter” option. Users who had not enabled this setting or had not provided their phone numbers on Twitter were not exposed by the vulnerability of this setting.
Twitter assured its users that the identified fake accounts were tracked and suspended.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.