A researcher found a flaw in the Twitter app that allowed 17 million phone numbers to be matched to their respective accounts.
Ibrahim Balic, a security researcher, found that it was possible to match generated phone numbers with Twitter accounts. He said he was able to upload mobile phone numbers through the contact upload feature in Twitter's Android app. When users upload their contacts to Twitter, the app fetches and stores the numbers automatically and returns the accounts they belong to.
The generated numbers matched users in countries including Israel, Iran, France, Germany, Armenia and Greece. Twitter put a stop to this by suspending Balic's account on 20 December. Balic had also tracked down high-profile figures, including government officials and politicians.
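The pattern described above, a single account uploading large batches of numerically generated phone numbers through a contact-matching endpoint, is detectable on the server side. The following is an added example written for this page, not Twitter's code: it assumes a hypothetical log of upload events of the form (account_id, list of numbers) and flags accounts whose uploads look like enumeration rather than contact syncing, either because the total volume far exceeds a real address book or because the numbers cluster into dense numeric ranges. The event format, field names and thresholds are assumptions; the sample events are constructed.

```python
"""Defender-side heuristics for spotting bulk phone-number enumeration through a
contact-upload endpoint. Added, hypothetical illustration: the event format,
field names and thresholds are assumptions, not Twitter's code."""
from collections import defaultdict

# Constructed sample upload events: (account_id, list of E.164 numbers in one batch).
SAMPLE_EVENTS = [
    # An ordinary address book: a handful of unrelated numbers.
    ("user_a", ["+33612345678", "+33698765432", "+4915112345678"]),
    # Two batches of numerically consecutive numbers, as a generator would produce.
    ("user_b", [f"+9725500{n:04d}" for n in range(500)]),
    ("user_b", [f"+9725501{n:04d}" for n in range(500)]),
    # Numbers generated with a fixed stride of 7.
    ("user_c", [f"+30690{n:07d}" for n in range(0, 2000, 7)]),
]


def to_int(number):
    """Convert an E.164 string to an integer; return None for malformed input."""
    digits = number.lstrip("+")
    return int(digits) if digits.isdigit() else None


def dense_fraction(numbers, max_gap=10):
    """Fraction of gaps between sorted, distinct numbers that are <= max_gap.
    Real address books are sparse (fraction near 0); generated ranges are dense."""
    values = sorted({v for v in map(to_int, numbers) if v is not None})
    if len(values) < 2:
        return 0.0
    small_gaps = sum(1 for a, b in zip(values, values[1:]) if b - a <= max_gap)
    return small_gaps / (len(values) - 1)


def analyze(events, max_total=500, max_gap=10, dense_threshold=0.5):
    """Return {account_id: set_of_flags} for accounts whose uploads look like
    enumeration rather than contact syncing. Thresholds are assumed values."""
    per_account = defaultdict(list)
    for account, batch in events:
        per_account[account].extend(batch)

    flags = {}
    for account, numbers in per_account.items():
        reasons = set()
        if len(numbers) > max_total:
            reasons.add("high_volume")          # far more numbers than a phone holds
        if dense_fraction(numbers, max_gap) >= dense_threshold:
            reasons.add("generated_pattern")    # numerically clustered, i.e. generated
        if reasons:
            flags[account] = reasons
    return flags


if __name__ == "__main__":
    for account, reasons in analyze(SAMPLE_EVENTS).items():
        print(f"{account}: {', '.join(sorted(reasons))}")
```

Run as-is, the script flags `user_b` for both volume and pattern and `user_c` for pattern only, while the ordinary address book of `user_a` passes. In practice an account that trips either heuristic would be rate-limited on the matching endpoint and reviewed, rather than served the matched accounts.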
After the incident, Twitter issued a statement: “Upon learning of this bug, we suspended the account used to inappropriately access people’s personal information. Protecting the privacy and safety of the people who use Twitter is our number one priority and we remained focused on rapidly stopping spam and abuse originating from the use of Twitter’s APIs.”
This was not the first time Twitter had mishandled user information. In May last year, Twitter admitted it had shared users' location data with a partner even when the users had opted out of sharing it in the app. In August, the company said it had handed a large amount of personal information to one of its ad partners. Last month, Twitter admitted it had used phone numbers that users had provided for two-factor authentication to serve targeted ads.
Twitter says it is now working to fix the bug so that the contact upload feature cannot be abused. A few days ago, Twitter's Android app prompted users to update, citing a vulnerability. The bug did not affect the web version of Twitter.