Twitter for Android privacy vulnerability let researcher match accounts with 17 million phone numbers


Twitter recently alerted Android users that their data may have been compromised, saying:

We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account

That vulnerability may be related to a hack by security researcher Ibrahim Balic, who, according to TechCrunch, abused Twitter's contact-upload feature (which checks the phone numbers in your phone book against its user list to show which of your contacts are on Twitter) to match 17 million Twitter accounts with phone numbers.

Balic generated 2 billion phone numbers and uploaded them to Twitter over a period of two months, and was rewarded with 17 million matching accounts, potentially exposing the identity of anonymous users.

Twitter’s only defence was to block the uploading of sequential numbers, but this was easily worked around by randomizing the order of the numbers.

Twitter eventually detected the hack and blocked the uploading of the numbers, but has not officially acknowledged the hack. It is also not known if the same vulnerability exists with other social networks which use the same phone number matching feature.
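The two defences at issue above, an order-based "sequential numbers" check and the kind of volume and match-rate heuristic that actually catches bulk enumeration, can be seen side by side in a small simulation. This is an added example written for this page; it is not Twitter's code, and the user directory, the contact lists, and every threshold (5,000 numbers per account, a 5% minimum hit rate once 1,000 numbers have been synced) are constructed values chosen for illustration.

```python
import random
from collections import defaultdict

# Constructed stand-in for the platform's user directory (not real numbers):
# one in every 100 numbers in the +1555xxxxxxx range is "registered".
REGISTERED = {f"+1555{i:07d}" for i in range(0, 10_000_000, 100)}


def check_sequential(batch):
    """The weak defence the article describes: reject a batch whose numbers
    arrive in consecutive ascending order. Returns True if the batch is blocked."""
    ints = [int(n.lstrip("+")) for n in batch]
    return len(ints) > 1 and all(b - a == 1 for a, b in zip(ints, ints[1:]))


class ContactSyncMonitor:
    """Per-account policy based on upload volume and match rate.
    Thresholds are assumptions for this example, not any platform's values."""

    def __init__(self, max_numbers=5000, min_sample=1000, min_hit_rate=0.05):
        self.max_numbers = max_numbers    # total numbers one account may sync
        self.min_sample = min_sample      # uploads seen before the hit-rate check applies
        self.min_hit_rate = min_hit_rate  # a real phone book matches far more than this
        self.uploaded = defaultdict(int)
        self.matched = defaultdict(int)

    def upload(self, account, batch):
        """Process one contact-sync request; return (verdict, matched numbers)."""
        if check_sequential(batch):
            return "blocked:sequential", []
        hits = [n for n in batch if n in REGISTERED]
        self.uploaded[account] += len(batch)
        self.matched[account] += len(hits)
        if self.uploaded[account] > self.max_numbers:
            return "blocked:volume", []
        if self.uploaded[account] >= self.min_sample:
            rate = self.matched[account] / self.uploaded[account]
            if rate < self.min_hit_rate:
                # Guessed number space: ~1% of numbers belong to real users
                return "blocked:low_hit_rate", []
        return "ok", hits


def legit_phone_book():
    """Constructed contact list: 150 registered plus 50 unregistered numbers,
    in the arbitrary order a phone would send them."""
    registered = [f"+1555{i:07d}" for i in range(0, 15_000, 100)]
    unregistered = [f"+1555{i:07d}" for i in range(1, 5_001, 100)]
    book = registered + unregistered
    random.Random(7).shuffle(book)
    return book


def enumeration_batch():
    """Constructed enumerator batch: 1,000 consecutive numbers, ~1% registered."""
    return [f"+1555{i:07d}" for i in range(1_000_000, 1_001_000)]


def randomized(batch):
    """Same batch with the upload order shuffled (the workaround in the article)."""
    shuffled = list(batch)
    random.Random(1).shuffle(shuffled)
    return shuffled


def simulate():
    """Run all three scenarios through one monitor and return the verdicts."""
    monitor = ContactSyncMonitor()
    verdicts = {}
    verdicts["legit"], hits = monitor.upload("alice", legit_phone_book())
    verdicts["legit_matches"] = len(hits)
    verdicts["sequential"], _ = monitor.upload("bot", enumeration_batch())
    verdicts["randomized"], _ = monitor.upload("bot", randomized(enumeration_batch()))
    return verdicts


if __name__ == "__main__":
    for scenario, verdict in simulate().items():
        print(f"{scenario:14s} {verdict}")
```

The sequential check only sees the consecutive batch; the shuffled copy of the same 1,000 numbers passes it untouched. The per-account counters catch it anyway, because an account whose synced numbers match registered users at about 1% looks nothing like a phone book, and a hard cap on total numbers synced bounds how far any one account can get regardless of ordering.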

Via Neowin
