Twitter bug matched phone numbers to accounts in Armenia, Iran, France

PanARMENIAN.Net - A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app.

Over a two-month period, Ibrahim Balic matched records from users in Israel, Turkey, Iran, Greece, Armenia, France and Germany, he said, but stopped after Twitter blocked the effort on December 20.

Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” he said, according to TechCrunch.

He said Twitter’s contact upload feature doesn’t accept lists of phone numbers in sequential format — likely as a way to prevent this kind of matching. Instead, he generated more than two billion phone numbers, one after the other, then randomized the numbers, and uploaded them to Twitter through the Android app. (Balic said the bug did not exist in the web-based upload feature.)
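A defender's view of why randomizing the list got past a sequence filter, as an added example that is not Twitter's code: both checks, their thresholds and all phone numbers below are constructed assumptions. The order-dependent check only sees adjacent entries, while the order-independent one sorts the upload first and measures how much of it falls into dense clusters.

```python
import random

def looks_sequential_naive(numbers, max_run=5):
    """Hypothetical order-dependent filter: flags only when entries
    appear in the upload in ascending +1 order."""
    run = 1
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur - prev == 1 else 1
        if run >= max_run:
            return True
    return False

def looks_enumerated(numbers, max_gap=10, min_cluster=20, max_fraction=0.5):
    """Hypothetical order-independent filter: sort, then flag when at least
    max_fraction of the upload sits in clusters of near-adjacent numbers."""
    ordered = sorted(set(numbers))
    if len(ordered) < min_cluster:
        return False
    clustered, run = 0, 1
    for prev, cur in zip(ordered, ordered[1:]):
        if cur - prev <= max_gap:
            run += 1
            continue
        if run >= min_cluster:
            clustered += run
        run = 1
    if run >= min_cluster:  # close the final cluster
        clustered += run
    return clustered / len(ordered) >= max_fraction

# Constructed sample uploads (no real subscriber numbers).
rng = random.Random(2019)
SEQUENTIAL = list(range(5_550_100_000, 5_550_100_500))   # generated block
SHUFFLED = SEQUENTIAL[:]
rng.shuffle(SHUFFLED)                                    # same block, random order
ORGANIC = [rng.randrange(2_000_000_000, 10_000_000_000)  # scattered address book
           for _ in range(200)]

def evaluate():
    """Return (naive, order_independent) verdicts for each sample upload."""
    samples = {"sequential": SEQUENTIAL, "shuffled": SHUFFLED, "organic": ORGANIC}
    return {name: (looks_sequential_naive(nums), looks_enumerated(nums))
            for name, nums in samples.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:10s} naive={verdict[0]!s:5s} order_independent={verdict[1]}")
```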

While he did not alert Twitter to the vulnerability, he took many of the phone numbers of high-profile Twitter users — including politicians and officials — to a WhatsApp group in an effort to warn users directly.

A Twitter spokesperson said the company was working to “ensure this bug cannot be exploited again.”
