Twitter has been busy with some annoying bugs this year, as its users know, from reducing notifications every time someone unfollowed a user to mislabelled retweets. Now the social networking giant has another issue to deal with.
A security researcher claims he was able to match 17 million phone numbers to actual Twitter accounts, exposing a flaw in Twitter’s Android mobile app. He said the bug is only present in the Android app.
The researcher, Ibrahim Balic, was able to upload a large list of phone numbers using the contacts upload feature on Twitter’s Android app. When users upload a mobile number, Twitter fetches relevant user data.
Balic explained that Twitter doesn’t allow users to upload lists of phone numbers in sequence, so he worked around the limitation by generating over two billion phone numbers and arranging them in random order. He claims that he was able to match phone numbers from users in several countries including Iran, Israel, France, Greece, Armenia, Germany, and others.
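For defenders, the lesson of the random-order workaround is that an abuse check on contact uploads must not depend on the order of the list. The sketch below is an added example, not Twitter's code: the function names, thresholds and phone numbers are all constructed assumptions, and it compares an order-dependent check with an order-independent one.

```python
import random

def looks_sequential(numbers, min_run=50):
    """Order-dependent check: flags a long run of consecutive numbers as uploaded."""
    run = 1
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur - prev == 1 else 1
        if run >= min_run:
            return True
    return False

def looks_enumerated(numbers, max_contacts=5000, min_density=0.5, min_size=50):
    """Order-independent check: flags by volume, or by how densely the
    distinct numbers fill the numeric range they span.
    All thresholds are hypothetical and would need tuning on real traffic."""
    uniq = set(numbers)
    if len(uniq) > max_contacts:      # far more contacts than a real address book
        return True
    if len(uniq) < min_size:          # too few numbers to judge density
        return False
    span = max(uniq) - min(uniq) + 1
    return len(uniq) / span >= min_density

# Constructed sample data (not real phone numbers).
rng = random.Random(0)
BLOCK = list(range(15550100000, 15550101000))    # 1000 consecutive numbers
SHUFFLED = rng.sample(BLOCK, len(BLOCK))         # the same block in random order
ADDRESS_BOOK = rng.sample(range(10_000_000_000, 20_000_000_000), 200)

if __name__ == "__main__":
    for name, upload in [("sorted block", BLOCK), ("shuffled block", SHUFFLED),
                         ("address book", ADDRESS_BOOK)]:
        print(f"{name:15} sequential={looks_sequential(upload)} "
              f"enumerated={looks_enumerated(upload)}")
```

Shuffling defeats the first check but not the second, because the density and size of the uploaded set do not change with its order.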
Twitter blocked Balic’s attempts on 20th December, according to the researcher. Balic was able to match mobile phone numbers of high-profile Twitter users, including politicians and government officials. He directly warned them via WhatsApp instead of Twitter.
Last week, Twitter asked its Android app users to update the app. It’s still unclear whether this newly fixed version of the app is able to protect against it or not.