Twitter says state-backed actors may have accessed users' phone numbers

The company declined to say how many user phone numbers had been exposed

Reuters February 04, 2020
facebook whatsup linkded
photo reuters
PHOTO: REUTERS
SAN FRANCISCO: Twitter said on Monday that it had discovered attempts by possible state actors to access the phone numbers associated with user accounts after a security researcher unearthed a flaw in the company’s “contacts upload” feature.

In a statement published on its privacy blog, Twitter said it had identified a “high volume of requests” to use the feature coming from IP addresses in Iran, Israel, and Malaysia. It said, without elaborating, that “some of these IP addresses may have ties to state-sponsored actors.”

A company spokeswoman declined to say how many user phone numbers had been exposed, saying Twitter was unable to identify all of the accounts that may have been impacted.

Chilling video released of hacker talking through smart camera

She said Twitter suspected a possible connection to state-backed actors because the attackers in Iran appeared to have had unrestricted access to Twitter, even though the network is banned there.

Tech publication TechCrunch reported on December 24 that a security researcher, Ibrahim Balic, had managed to match 17 million phone numbers to specific Twitter user accounts by exploiting a flaw in the contacts feature of its Android app. TechCrunch said it was able to identify a senior Israeli politician by matching a phone number through the tool.

Hacker used $35 computer to steal NASA data

The feature, which allows people with a user’s phone number to find and connect with that user on Twitter, is off by default for users in the European Union where stringent privacy rules are in place. It is switched on by default for all other users globally, the spokeswoman said.

Twitter said in its statement that it has changed the feature so it no longer reveals specific account names in response to requests. It has also suspended any accounts believed to have been abusing the tool.

However, the company is not sending individual notifications to users whose phone numbers were accessed in the data leak, which information security experts consider a best practice.
facebook whatsup linkded

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ

Join Us

Entertainment

article

Young Thug makes first appearance post-jail in FaceTime call set up by T.I.
VIEW MORE

LATEST

indonesia s smartphone sales ban targets google after apple

Indonesia's smartphone sales ban targets Google after Apple

nvidia to replace intel on dow jones industrial average

Nvidia to replace Intel on Dow Jones industrial average

400 year old vampire brought back to life by scientists

400 year old 'vampire brought back to life' by scientists

disney launches new division to drive ai across film tv and theme parks

Disney launches new division to drive AI across film, TV, and theme parks

apple to acquire pixelmator creator of iphone and mac image editing apps

Apple to acquire Pixelmator, creator of iPhone and Mac image editing apps

openai releases chatgpt search engine what makes it different from other ai rivals

OpenAI releases ChatGPT search engine: What makes It different from other AI rivals?

OPINION

intolerant perpetual motion machine

Intolerant perpetual motion machine

shenanigans at the stock market

Shenanigans at the stock market

mr trump it s time to partner pakistan s progression

Mr Trump, it's time to partner Pakistan's progression!

26th constitutional amendment experimentation continues

26th constitutional amendment: experimentation continues

lahore biennials promoting art to catalyse societal change

Lahore Biennials - promoting art to catalyse societal change

iran and israel hesitance to war

Iran and Israel - hesitance to war

FOLLOW US

This material may not be published, broadcast, rewritten, redistributed or derived from. Unless otherwise stated, all content is copyrighted © 2024 The Express Tribune.