7 million phone numbers matched to unique Twitter user accounts due to flaw
A security researcher claimed to have leveraged a flaw in Twitter’s Android app to successfully match 17 million phone numbers to unique Twitter user accounts.
Researcher’s path to the bug
Recently, a security researcher named Ibrahim Balic found a Twitter bug that can be used to match 17 million phone numbers to unique Twitter user accounts. This came after he carried on with his experiments for months. According to the researcher, he could upload a large list of mobile phone numbers using the contacts upload feature on Twitter's Android app.
He further noted that Twitter fetched relevant matching user data upon uploading the contacts. “If you upload your phone number, it fetches user data in return,” he told TechCrunch. Balic matched records from users in Israel, Turkey, Iran, Greece, Armenia, France and Germany for over two months, until Twitter blocked the effort on December 20.
Security researcher Ibrahim Balic explained that Twitter’s contact upload feature doesn’t accept lists of phone numbers in sequential format, possibly to prevent this kind of matching. So he generated more than two billion phone numbers, one after the other, then randomized them and uploaded them to Twitter through the Android app. (Balic said the bug did not exist in the web-based upload feature.) Through this, he could retrieve matching user data.
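The sketch below is an added defender-side example, not Twitter's code or anything from the researcher: it shows why a check on the order of an uploaded list misses a shuffled sweep, and how an order-insensitive check that accumulates uploads per account still flags it. The thresholds, block size, account names and phone numbers are all assumptions constructed for illustration.

```python
import random
from collections import Counter, defaultdict
BLOCK = 10_000         # numbers that share all but their last four digits
MAX_IN_BLOCK = 500     # assumed limit: distinct numbers per block, per account
MAX_DISTINCT = 20_000  # assumed limit: distinct numbers per account, per window

def looks_sequential(batch, min_share=0.8):
    """Order-dependent check: share of adjacent pairs that differ by exactly 1."""
    if len(batch) < 2:
        return False
    steps = sum(1 for a, b in zip(batch, batch[1:]) if b - a == 1)
    return steps / (len(batch) - 1) >= min_share

class ContactUploadMonitor:  # order-insensitive; accumulates uploads per account
    def __init__(self):
        self.seen = defaultdict(set)           # account -> distinct numbers
        self.per_block = defaultdict(Counter)  # account -> block -> count

    def record(self, account, batch):
        """Add one batch; return the reasons (if any) to review the account."""
        seen, blocks = self.seen[account], self.per_block[account]
        for number in batch:
            if number not in seen:
                seen.add(number)
                blocks[number // BLOCK] += 1
        reasons = []
        if len(seen) > MAX_DISTINCT:
            reasons.append("distinct-number cap exceeded")
        if blocks and max(blocks.values()) > MAX_IN_BLOCK:
            reasons.append("dense coverage of one number block")
        return reasons

def demo():
    rng = random.Random(7)
    swept = list(range(15_555_500_000, 15_555_503_000))  # constructed range
    shuffled = rng.sample(swept, len(swept))              # same numbers, random order
    monitor, sweep_flags = ContactUploadMonitor(), []
    for i in range(0, len(shuffled), 300):                # batches of 300
        sweep_flags = monitor.record("acct-A", shuffled[i:i + 300])
    address_book = [rng.randrange(10**10, 10**11) for _ in range(400)]
    return {
        "ordered_sequential": looks_sequential(swept[:300]),
        "shuffled_sequential": looks_sequential(shuffled[:300]),
        "sweep_flags": sweep_flags,
        "address_book_flags": ContactUploadMonitor().record("acct-B", address_book),
    }

if __name__ == "__main__":
    print(demo())
```

When the shuffled pool spans a very large range, any single batch is sparse, so the per-block counter only trips as coverage accumulates; the distinct-number cap is the control that bounds the total an account can test in the meantime.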