Twitter Suspends Fake Accounts Abusing Feature that Matches Phone Numbers and Users

Published: 23/11/2024   Category: security




The company believes state-sponsored actors may also be involved.



Twitter has disclosed a security incident in which third parties exploited its API to match phone numbers with user accounts. The company has identified and suspended a large network of fake accounts related to the incident and believes state-sponsored actors may also be involved.
The problem came to Twitter's attention on Dec. 24, 2019, when it learned someone was using a network of fake accounts to match usernames with phone numbers – a legitimate feature that, if enabled, helps users find each other on the platform. A security researcher was able to exploit a flaw in Twitter's Android app to match 17 million phone numbers with user accounts.
Following this report, Twitter launched an investigation and discovered more accounts outside the researcher's findings that may have been exploiting the same official API endpoint beyond its intended function. The company identified accounts located in a wide range of countries with a high volume of requests coming from individual IP addresses in Iran, Israel, and Malaysia.
"It is possible that some of these IP addresses may have ties to state-sponsored actors," Twitter said in a statement. "We are disclosing this out of an abundance of caution and as a matter of principle." Changes were made to the endpoint so it no longer returns specific account names in response to queries. Accounts believed to have been exploiting the endpoint are suspended.
Twitter account holders who disabled the option for "Let people who have your phone number find you on Twitter" are not exposed to the vulnerability; neither are those who don't have a phone number linked to their account.