Technology
Twitter exploit let ‘bad actors’ match phone numbers to accounts
For dissidents around the globe, Twitter remains the tool of choice for speaking out against their repressive governments.
With that in mind, it’s easy to see why today’s announcement from the social media company is so troubling. Twitter, in a Monday blog post and corresponding statement, announced it had discovered that “bad actors” with possible state-sponsored connections had found a way to tie phone numbers to Twitter accounts en masse.
In other words, a hacker using this exploit could potentially reveal the identity of a person tweeting under a pseudonym who has their account tied to a phone number. Or, alternatively, it’s worth remembering that determining the phone number connected to an account is often a crucial step in hacking it.
“On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers,” reads the Twitter blog post. “While we identified accounts located in a wide range of countries engaging in these behaviors, we observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia.”
With Saudi Arabia’s documented real-world harassment of dissidents, for example, it’s easy to see how such exploits could lead to real-world harm.
“It is possible that some of these IP addresses may have ties to state-sponsored actors,” continued the blog post.
We’ve reached out to Twitter to determine how many users were affected and if the company planned to notify users whose phone numbers were tied to accounts in the manner described. We’ve received no immediate response at present.
Importantly, not everyone was vulnerable to this specific exploit. According to Twitter, the bad actors in question could only tie your account to a phone number if your account met two specific criteria.
SEE ALSO: Jeff Bezos tweets reminder that Saudi government murdered a journalist
First, you had to have added a phone number to your account. However, with many people doing that very thing to enable two-factor authentication, a lot of folks fall into that bucket. Secondly, and this should narrow things down a bit, you must have selected the “Let people who have your phone number find you on Twitter” option.
Now would be a good time to make sure you don’t have that setting enabled. It would also be a great time for Twitter to consider removing it altogether.
-
Entertainment7 days ago
What’s on the far side of the moon? Not darkness.
-
Business6 days ago
TikTok faces a ban in the US, Tesla profits drop and healthcare data leaks
-
Business6 days ago
London’s first defense tech hackathon brings Ukraine war closer to the city’s startups
-
Entertainment7 days ago
How to watch ‘The Idea of You’: Release date, streaming deals
-
Entertainment6 days ago
Mark Zuckerberg has found a new sense of style. Why?
-
Business5 days ago
Humanoid robots are learning to fall well
-
Entertainment5 days ago
2024 summer TV preview: 33 TV shows to watch this summer
-
Business4 days ago
Google Gemini: Everything you need to know about the new generative AI platform