Epaper
Follow us:
Home > Technology > Twitter suspends accounts used to match phone nos with users
Twitter suspends accounts used to match phone nos with users | Twitter suspends accounts used to match phone nos with users | English.Lokmat.Com

Twitter suspends accounts used to match phone nos with users

Twitter has revealed that it has suspended a large network of fake accounts that exploited a bug to match usernames to phone numbers.
Twitter suspends accounts used to match phone nos with users

"While we identified accounts located in a wide range of countries engaging in these behaviours, we observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia," Twitter said in a blog post on Monday.

"It is possible that some of these IP addresses may have ties to state-sponsored actors. We are disclosing this out of an abundance of caution and as a matter of principle," the social media platform said.

In December last year, security researcher Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter's contacts upload feature, TechCrunch reported.

He claimed that he matched 17 million phone numbers to user accounts - including high-profile politic and officials.

"If you upload your phone number, it fetches user data in return," he was quoted as saying.

In one case, TechCrunch was able to identify a senior Israeli politician using their matched phone number.

"We're very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day," Twitter said in the blog post.

Over a two-month period, Balic began alerting users directly and when Twitter came to know, the micro-blogging platform blocked his efforts on December 20.

Balic had created a WhatsApp group to alert users.

He generated more than two billion phone numbers, one after the other, then randomised the numbers, and uploaded them to Twitter through the Android app.

The bug did not exist in the web-based upload feature.

Twitter said that the vulnerability affected those people who enabled the "Let people who have your phone number find you on Twitter" option and who had a phone number associated with their Twitter account.

"People who did not have this setting enabled or do not have a phone number associated with their account were not exposed by this vulnerability," Twitter said.

"After our investigation, we immediately made a number of changes to this endpoint so that it could no longer return specific account names in response to queries. Additionally, we suspended any account we believe to have been exploiting this endpoint," it added.

( With inputs from IANS )

Twitter suspends accounts used to match phone nos with users
POCO X2 launched in India at starting price of Rs 15,999
Apple TV app, TV+ now available on 2019 LG TVs
Virtual traffic jams: Google 'appreciates' creative use of maps
Accenture opens innovation hub in Hyderabad
Corona
Patients933
Died20
Corona
Patients617,351
Died28,377
Corona
Coronavirus Live updates! Around the world