Twitter Security Flaw Exposes 17 Million Phone Numbers

Twitter has just admitted to a serious security flaw that allowed phone numbers to be matched with their respective Twitter accounts. The flaw was originally reported by security researcher Ibrahim Balic in December 2019 but is only now being brought to light.

The vulnerability was discovered in Twitter’s Android app, and it allowed Balic to match over 17 million phone numbers with their user accounts. Twitter was forced to admit that pairing accounts and numbers on such a massive scale was beyond the feature’s intended use.

The social media giant discovered hundreds of accounts using this exploit and immediately suspended them once the flaw was pointed out.

These accounts originated from a wide range of countries across the globe but were present in particularly high volumes in regions such as Iran, Israel, and Malaysia. Twitter believes that some of these accounts may have been sponsored by their respective states.

Twitter has now patched the feature so that it no longer returns specific account names in response to such queries. Twitter also explained that users who did not have a phone number linked to their account were unaffected.
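The abuse described above is a contact-sync feature being driven at a volume no real address-book upload would reach. The following is an added example, not code from Twitter or from the article, of the kind of server-side detection a platform can run over its own upload logs: it sums the phone numbers each account submits inside a sliding time window and flags accounts whose peak exceeds a threshold. The log format, account ids, counts and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of contact-sync upload events (not real Twitter logs):
# (account_id, ISO-8601 timestamp, number of phone numbers in that batch)
SAMPLE_EVENTS = [
    ("user_a", "2019-12-24T10:00:00", 40),    # ordinary address-book sync
    ("user_a", "2019-12-24T10:00:05", 45),
    ("user_b", "2019-12-24T10:01:00", 2000),  # back-to-back maximum-size batches
    ("user_b", "2019-12-24T10:01:02", 2000),
    ("user_b", "2019-12-24T10:01:04", 2000),
    ("user_c", "2019-12-24T11:30:00", 120),
]

WINDOW = timedelta(minutes=10)
# Assumed ceiling: more numbers than this inside one window looks like
# enumeration rather than a user syncing their contacts.
UPLOAD_THRESHOLD = 1000


def flag_bulk_uploaders(events, window=WINDOW, upload_threshold=UPLOAD_THRESHOLD):
    """Return {account_id: peak numbers uploaded within any one window}
    for every account whose peak exceeds upload_threshold."""
    per_account = defaultdict(list)
    for acct, ts, count in events:
        per_account[acct].append((datetime.fromisoformat(ts), count))

    flagged = {}
    for acct, rows in per_account.items():
        rows.sort()  # events may arrive out of order
        start, running, peak = 0, 0, 0
        for ts, count in rows:
            running += count
            # Drop events that have fallen out of the sliding window.
            while ts - rows[start][0] > window:
                running -= rows[start][1]
                start += 1
            peak = max(peak, running)
        if peak > upload_threshold:
            flagged[acct] = peak
    return flagged


if __name__ == "__main__":
    for acct, peak in flag_bulk_uploaders(SAMPLE_EVENTS).items():
        print(f"{acct}: {peak} numbers in {WINDOW} -> review for enumeration")
```

Flagged accounts are candidates for rate limiting or suspension rather than automatic action, since a legitimate user with a very large address book can also trip a fixed threshold.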

The case is explained in detail on Twitter’s official blog post here.