Skip to main content

A Twitter bug could use your phone number to expose personal information

Don’t upload your contacts to Twitter. If you do, or if you already have on your Android device, your phone number could be one of 17 million exposed on the app, a bug first reported by TechCrunch.

Security researcher Ibrahim Balic, who is based in London, told the site he was able to match records in seven different countries, including one of a senior Israeli politician and several other high-profile users. He did this when he discovered that when one uploads one’s contacts, the app would “fetch user data in return,” he told TechCrunch. It was then possible to match the phone numbers uploaded into the app with the Twitter records and figure out account usernames.

Recommended Videos

Twitter had previously reported a security flaw in its Android app on December 20 that, it said in a statement at the time, “could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages).”

Please enable Javascript to view this content

But the flaw that Twitter reported appeared to depend on the insertion of malicious code. This new flaw that Balic reported involves no malicious code; it simply involves knowing someone’s phone number and being able to figure out their Twitter persona from that information alone.

This is the latest in a serious of bugs or hacking attacks that has plagued Twitter and other social networks, including Facebook. In November, both apps said the date of “hundreds of users” was comprised through faulty Android apps. Emails, usernames, and recent tweets were all exposed. In both this recent case and the one in November, Twitter said at the time that it had no evidence that anyone’s account was actually hacked or exploited, although it did admit there were two bad actors involved who were paying developers to use malicious software development kits.

Twitter has suffered a few huge leaks in the past several years, including one in 2016 that exposed the login credentials of 32.8 million users, and another in 2018 wherein Twitter urged 330 million users to change their passwords after they were exposed on the company’s internal network.

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Some accounts had private messages stolen in Twitter hack
Twitter symbol photo. Credits: Twitter official.

Twitter has shared more details about how dozens of high-profile accounts were accessed and used to promote a cryptocurrency scam this week.

Twitter has already revealed that around 130 accounts were targeted in the hack, including accounts of prominent political figures like Barack Obama and Joe Biden as well as cryptocurrency enthusiasts Elon Musk and other celebrities like Kanye West.

Read more
Twitter says 130 accounts were targeted in massive Bitcoin hack
Twitter Bitcoin

Twitter has released more information about the major hack it suffered on Wednesday, July 15 that resulted in a large number of high-profile accounts tweeting messages as part of a Bitcoin scam.

In several tweets posted on Thursday evening, the company said that around 130 accounts had been targeted in the breach, which is thought to have been enabled after the hackers convinced a number of Twitter employees into giving access to the social media site’s systems.

Read more
FBI moves in to investigate Twitter’s massive Bitcoin hack
Twitter symbol photo. Credits: Twitter official.

The Federal Bureau of Investigation (FBI) is now examining the major hack that hit Twitter on Wednesday, July 17, in a bid to find out who was behind the incident, the Wall Street Journal reports

Twitter accounts belonging to Barack Obama, Joe Biden, Bill Gates, Elon Musk, and Jeff Bezos, among other high-profile users of the microblogging service, were hit in a scam that involved a fake tweet encouraging followers to send payments to a Bitcoin wallet. It had some success, too, as data on Blockchain.com showed that more than $115,000 via 392 transactions was sent to the Bitcoin wallet posted in the messages.

Read more