Twitter says a bug may have allowed hackers to acess your phone number | HT Tech

Twitter says a bug may have allowed hackers to acess your phone number

Twitter said that it had identified a “high volume of requests” to use the feature coming from IP addresses in Iran, Israel and Malaysia.

By: REUTERS
| Updated on: Feb 04 2020, 09:46 IST
Twitter was unable to identify all of the accounts that may have been impacted.
Twitter was unable to identify all of the accounts that may have been impacted. (HT Web)

Twitter said on Monday that it had discovered attempts by possible state actors to access the phone numbers associated with user accounts, after a security researcher unearthed a flaw in the company's "contacts upload" feature.

In a statement published on its privacy blog, Twitter said it had identified a "high volume of requests" to use the feature coming from IP addresses in Iran, Israel and Malaysia. It said, without elaborating, that "some of these IP addresses may have ties to state-sponsored actors."

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

A company spokeswoman declined to say how many user phone numbers had been exposed, saying Twitter was unable to identify all of the accounts that may have been impacted.

Also read
Looking for a smartphone? To check mobile finder click here.

She said Twitter suspected a possible connection to state-backed actors because the attackers in Iran appeared to have had unrestricted access to Twitter, even though the network is banned there.

Tech publication TechCrunch reported on December 24 that a security researcher, Ibrahim Balic, had managed to match 17 million phone numbers to specific Twitter user accounts by exploiting a flaw in the contacts feature of its Android app. TechCrunch said it was able to identify a senior Israeli politician by matching a phone number through the tool.

The feature, which allows people with a user's phone number to find and connect with that user on Twitter, is off by default for users in the European Union where stringent privacy rules are in place. It is switched on by default for all other users globally, the spokeswoman said.

Twitter said in its statement that it has changed the feature so it no longer reveals specific account names in response to requests. It has also suspended any accounts believed to have been abusing the tool.

However, the company is not sending individual notifications to users whose phone numbers were accessed in the data leak, which information security experts consider a best practice.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 04 Feb, 08:56 IST
NEXT ARTICLE BEGINS