Date: 2020-02-04
Twitter has disclosed that it found and deleted accounts that were misusing a feature that lets people match phone numbers with usernames.
The flaw was discovered in December by a security researcher. The researcher said he was able to exploit a bug in Twitter’s Android app, and matched 17 million phone numbers to users’ accounts.
He found that it was possible to upload full lists of generated phone numbers through the platform’s contacts upload feature.
Although users can look up contacts by phone number, the social media giant says the feature is not meant for matching large numbers of phone numbers to accounts.
“After our investigation, we immediately made a number of changes to this endpoint so that it could no longer return specific account names in response to queries,” Twitter wrote in a blog post.
Twitter suspended the first set of accounts that were misusing the feature. It says that most of the accounts were from Iran, Israel and Malaysia.
The social media giant updated its API to prevent people from taking advantage of the feature in the future.
