Twitter for Android bug matched 17 million phone numbers to accounts

The researcher says the bug has been fixed

A security researcher says he exploited a bug in Twitter’s Android app to match 17 million phone numbers to users’ accounts.

He found that it was possible to upload full lists of generated phone numbers through the platform’s contacts upload feature. He explained to TechCrunch that if you upload your phone number, it fetches user data.

The researcher generated more than two billion phone numbers and then uploaded them to Twitter through the Android app.

He was able to match records to users located in France, Germany, Iran, Greece, Turkey, Israel and Armenia. Twitter then blocked the flaw on December 20th.

In one case, he was able to identify an Israeli politician through their matched phone number. Although he did not notify Twitter, he says he warned high-profile Twitter users.

Source: TechCrunch