The company believes state-sponsored actors may also be involved.

Dark Reading Staff, Dark Reading

February 4, 2020

2 Min Read

Twitter has disclosed a security incident in which third parties exploited its API to match phone numbers with user accounts. The company has identified and suspended a large network of fake accounts related to the incident and believes state-sponsored actors may also be involved.

The problem came to Twitter's attention on Dec. 24, 2019, when it learned someone was using a network of fake accounts to match usernames with phone numbers – a legitimate feature that, if enabled, helps users find each other on the platform. A security researcher was able to exploit a flaw in Twitter's Android app to match 17 million phone numbers with user accounts.

Following this report, Twitter launched an investigation and discovered more accounts outside the researchers' findings that may have been exploiting the same official API endpoint beyond its intended function. The company identified accounts "located in a wide range of countries" with a high volume of requests coming from individual IP addresses in Iran, Israel, and Malaysia.

"It is possible that some of these IP addresses may have ties to state-sponsored actors," Twitter said in a statement. "We are disclosing this out of an abundance of caution and as a matter of principle." Changes were made to the endpoint so it no longer returns specific account names in response to queries. Accounts believed to have been exploiting the endpoint are suspended.

Twitter account holders who disabled the option for "Let people who have your phone number find you on Twitter" are not exposed to the vulnerability; neither are those who don't have a phone number linked to their account.

Read more details here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "C-Level & Studying for the CISSP."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights