Twitter recently alerted Android users that their data may have been compromised, saying:

We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account

That vulnerability may be related to a hack by security researcher, Ibrahim Balic, who managed to use the ability of Twitter to check phone numbers in your phone book against their user list to see which tweeters you know to match 17 million twitter accounts with phone numbers, reports TechCrunch.

Balic generated 2 billion phone numbers and uploaded these to twitter over a period of two months, and was rewarded with the 17 million matching accounts, potentially exposing the identity of anonymous users.

Twitter’s only defence was to block the uploading of sequential numbers, but this was easily worked around by randomizing the order of the numbers.

Twitter eventually detected the hack and blocked the uploading of the numbers, but has not officially acknowledged the hack. It is also not known if the same vulnerability exists with other social networks which use the same phone number matching feature.

Via Neowin

Comments