Twitter Bug Exposed Millions of User Phone Numbers
A security researcher was able to use a bug in the Twitter Android app to identify millions of Twitter users, connecting their phone numbers to their Twitter IDs. The exploit could expose failures in the company’s two-factor authentication system and give other security developers pause. Twitter Bug Exposed Millions of User Phone Numbers
According to a TechCrunch report, the researcher, Ibrahim Balic, created randomized lists of phone numbers and sent them to Twitter.
“If you upload your phone number, it fetches user data in return,” he said.
The user data allowed Balic to find phone numbers for many major Twitter “celebrities” including the private number of a “senior Israeli politician.”
“Upon learning of this bug, we suspended the accounts used to inappropriately access people’s personal information. Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on rapidly stopping spam and abuse originating from use of Twitter’s APIs,” a Twitter spokesperson said.
The bug exposed user accounts when Balic uploaded millions of phone numbers and asked Twitter to match them with users. Typically this interface is used only when new users install the app on their phone but, using a set of API calls, Balic was able to spoof this behavior. The resulting breach of privacy – essentially connecting real numbers to real Twitter handles – could reduce the efficacy of two-factor authentication schemes popular on financial applications and wallets.
Related Articles:
U.S. Cyber Officials Give Holiday Shopping Advice For Consumers
Is Cayla The Toy Doll A Domestic Spy?
Google’s “Project Nightingale” Faces Government Inquiry Over Patient Privacy.
Which Password Managers Have Been Hacked?
DNS Over HTTPS Increases User Privacy And Security By Preventing Eavesdropping And Manipulation
Russia Steps Up Efforts To Shield Its Hackers From Extradition To U.S.
Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)
Should Consumers Be Able To Sell Their Own Personal Data?
Doordash Says Security Breach Affected Millions Of People (#GotBitcoin?)
Fraudsters Used AI To Mimic CEO’s Voice In Unusual Cybercrime Case (#GotBitcoin?)
Pearson Hack Exposed Details on Thousands of U.S. Students (#GotBitcoin?)
Cyber Hack Got Access To Over 700,000 IRS Accounts (#GotBitcoin?)
Take A Road Trip With Hotel Hackers (#GotBitcoin?)
Hackers Target Loyalty Rewards Programs (#GotBitcoin?)
Taxpayer Money Finances IRS “Star Trek” Parody (#GotBitcoin?)
IRS Fails To Prevent $1.6 Billion In Tax Identity Theft (#GotBitcoin?)
IRS Workers Who Failed To Pay Taxes Got Bonuses (#GotBitcoin?)
Trump DOJ Declines To Charge Lois Lerner In IRS Scandal (#GotBitcoin?)
DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)
Poor Cyber Practices Plague The Pentagon (#GotBitcoin?)
Tensions Flare As Hackers Root Out Flaws In Voting Machines (#GotBitcoin?)
Overseas Traders Face Charges For Hacking SEC’s Public Filings Site (#GotBitcoin?)
Group Hacks FBI Websites, Posts Personal Info On Agents. Trump Can’t Protect You! (#GotBitcoin?)
SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)
Leave a Reply
You must be logged in to post a comment.