Twitter Android Bug Matched 17M Phone Numbers to Accounts

By exploiting a bug in the Twitter Android app, security researcher Ibrahim Balic matched 17 million phone numbers to Twitter accounts (via TechCrunch).

17M Numbers

Mr. Balic discovered that Twitter’s upload contacts feature would accept entire lists of generated phone numbers. The feature doesn’t accept lists of phone numbers in sequential order, so he randomized over 2 billion numbers before uploading them. He also noted that the bug didn’t work on Twitter.com.
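The following is an added example, not code from the article or from Twitter. It shows why a filter that looks for sequential order is defeated by shuffling, and how an order-independent density check on the same upload still flags it. The function names, thresholds and sample numbers are assumptions constructed for illustration.

```python
import random

def naive_sequential_check(numbers, min_run=5):
    """Order-dependent filter (hypothetical): flags an upload only if,
    in the order received, it contains a run of consecutive numbers."""
    run = 1
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur - prev == 1 else 1
        if run >= min_run:
            return True
    return False

def dense_range_check(numbers, max_gap=10, min_size=50, threshold=0.8):
    """Order-independent filter (hypothetical): sort the upload first,
    then measure what fraction of neighbouring numbers lie within
    max_gap of each other. A generated block stays dense no matter
    how it was shuffled; a real address book is scattered."""
    uniq = sorted(set(numbers))
    if len(uniq) < min_size:
        return False  # too small to judge; leave to rate limiting
    close = sum(1 for a, b in zip(uniq, uniq[1:]) if b - a <= max_gap)
    return close / (len(uniq) - 1) >= threshold

# Constructed sample data (not real subscriber numbers).
rng = random.Random(1)
generated = list(range(15550100000, 15550100500))   # one contiguous block
shuffled = generated[:]
rng.shuffle(shuffled)                                # same block, random order
address_book = [rng.randrange(10**10, 10**11) for _ in range(300)]

if __name__ == "__main__":
    for name, upload in [("generated", generated),
                         ("shuffled", shuffled),
                         ("address_book", address_book)]:
        print(name,
              "naive:", naive_sequential_check(upload),
              "dense:", dense_range_check(upload))
```

A density check like this complements, rather than replaces, per-account limits on how many contacts can be uploaded and matched.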

While he did not alert Twitter to the vulnerability, he took many of the phone numbers of high-profile Twitter users — including politicians and officials — to a WhatsApp group in an effort to warn users directly.

It’s not believed Balic’s efforts are related to a Twitter blog post published this week, which confirmed a bug could have allowed “a bad actor to see nonpublic account information or to control your account,” such as tweets, direct messages and location information.

Twitter said it was working on a fix.
