Twitter says state-backed attackers may have nabbed phone numbers

Twitter has revealed more details about a security incident that allowed attackers to discover phone numbers attached to numerous accounts on its platform.

The process involved exploiting a feature, which, when used in the intended way, lets new sign-ups find friends who are already on Twitter by inputting their phone number. The feature works for those who have enabled the “Let people who have your phone number find you on Twitter” option and who have a phone number associated with their Twitter account.

The company said that during a recent investigation, it discovered and subsequently shut down a large network of fake accounts that may have been attempting to match a huge number of generated phone numbers to Twitter accounts.

It said it realized something was wrong when it observed “a particularly high volume” of attempts coming from individual IP addresses located within Iran, Israel, and Malaysia, adding, “It is possible that some of these IP addresses may have ties to state-sponsored actors.” Speaking to Reuters, a Twitter spokesperson said its team had particular concerns about Iran as the attackers seemed to have had unrestricted access to the social media platform despite it being banned in the country.

Twitter said it has now made changes to its system to prevent similar attacks in the future, and also shut down the accounts that it believed were attempting to exploit the flaw.
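The signal described above, a high volume of lookup attempts from individual IP addresses spread across a network of accounts, can be turned into a simple detection rule. The sketch below is an added example, not Twitter's detection logic: the event fields, thresholds and sample records are all assumptions, and the low-match-rate check assumes generated numbers match far less often than a real address book does.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, account_id, numbers_uploaded, numbers_matched).
# IPs come from documentation ranges; the schema is hypothetical.
EVENTS = [
    ("198.51.100.7", "acct-001", 50_000, 410),
    ("198.51.100.7", "acct-002", 50_000, 395),
    ("198.51.100.7", "acct-003", 50_000, 430),
    ("203.0.113.20", "acct-100", 320, 41),
    ("203.0.113.21", "acct-101", 85, 12),
    ("192.0.2.55", "acct-200", 12_000, 2_900),  # large but genuine contact import
]

# Assumed thresholds; tune against real traffic before relying on them.
MAX_NUMBERS_PER_IP = 10_000   # numbers submitted per IP in the window
MIN_MATCH_RATE = 0.05         # generated numbers rarely match real accounts
MAX_ACCOUNTS_PER_IP = 2       # many accounts behind one IP suggests a farm


def summarize(events):
    """Aggregate uploads, matches and distinct accounts per source IP."""
    stats = defaultdict(lambda: {"uploaded": 0, "matched": 0, "accounts": set()})
    for ip, account, uploaded, matched in events:
        entry = stats[ip]
        entry["uploaded"] += uploaded
        entry["matched"] += matched
        entry["accounts"].add(account)
    return stats


def flag_enumeration(events):
    """Return {ip: [reasons]} for IPs that trip at least two signals."""
    flagged = {}
    for ip, s in summarize(events).items():
        reasons = []
        high_volume = s["uploaded"] > MAX_NUMBERS_PER_IP
        rate = s["matched"] / s["uploaded"] if s["uploaded"] else 0.0
        if high_volume:
            reasons.append("volume")
        # Only judge the match rate once there is enough volume to trust it.
        if high_volume and rate < MIN_MATCH_RATE:
            reasons.append("low_match_rate")
        if len(s["accounts"]) > MAX_ACCOUNTS_PER_IP:
            reasons.append("many_accounts")
        # Requiring two signals avoids flagging one large legitimate import.
        if len(reasons) >= 2:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_enumeration(EVENTS).items():
        print(ip, reasons)
```

Volume alone would also flag the single large import from 192.0.2.55, which is why the rule asks for a second signal before raising an alert.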

Background

The issue was first exposed in December 2019 by London-based security researcher Ibrahim Balic. It seems that it was Balic’s discovery that prompted Twitter’s investigation, which led to the suspected state-backed attackers. Balic showed that he was able to match 17 million phone numbers to Twitter accounts by uploading more than 2 billion random numbers to the service. The exercise enabled him to discover the phone numbers of various high-profile Twitter users, among them politicians and officials.

The incident is the latest in a series of security mishaps to hit Twitter. Late last year, for example, the company revealed it had patched a vulnerability in its Android app that could have let malicious actors view information of private accounts and take over profiles, and even send direct messages and tweets on the target account’s behalf. Another error saw the platform reveal the tweets of protected accounts.

Announcing details of security incidents is part of Twitter’s recently launched effort to be more transparent with its community of around 330 million people globally.

Trevor Mogg
Contributing Editor