Twitter For Android App Bug Allowed Matching Users’ Phone Numbers

Twitter for Android app had another bug that exposed users’ phone numbers. By exploiting the vulnerability, a researcher succeeded in matching 17 million phone numbers with Twitter accounts.

Twitter For Android App Bug

Reportedly, researcher Ibrahim Balic discovered a bug in the Twitter for Android app. As per his findings, the bug allowed matching users’ phone numbers without hassle.

Sharing the details with TechCrunch, the researcher revealed,

If you upload your phone number, it fetches user data in return.

The bug existed with Twitter’s contacts upload feature that accepted entire lists of phone numbers. Though the feature didn’t allow lists in a sequential format, it did accept random ones.

Hence, to test the bug the researcher generated a random list of two billion phone numbers. He then uploaded them to Twitter via the Android app.

Consequently, he could match 17 million phone numbers in a period of two months. Whereas, the affected users predominantly belonged to Israel, Greece, Armenia, Iran, Turkey, Germany and France.

Twitter Addressed The Matter

Instead of informing Twitter, the researcher went on to directly alert users by sharing some high-profile numbers in a WhatsApp group. While the researcher continued matching users’ phone numbers, Twitter eventually blocked the procedure on December 20, 2019. According to a Twitter spokesperson’s statement to TechCrunch,

Upon learning of this bug, we suspended the accounts used to inappropriately access people’s personal information. Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on rapidly stopping spam and abuse originating from use of Twitter’s APIs.

Recently, Twitter has also disclosed a vulnerability that allowed an attacker to take control of users’ accounts. While both the reports surfaced online one after another, it seems unlikely that the two are related. Rather, considering the nature and exploitation of the bugs, the two actually appear distinct.

Let us know your thoughts in the comments.

The following two tabs change content below.

Avatar
Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *