Skip to main content

Twitter says state-backed attackers may have nabbed phone numbers

Twitter has revealed more details about a security incident that allowed attackers to discover phone numbers attached to numerous accounts on its platform.

Recommended Videos

The process involved exploiting a feature, which, when used in the intended way, lets new sign-ups find friends who are already on Twitter by inputting their phone number. The feature works for those who have enabled the “Let people who have your phone number find you on Twitter” option and who have a phone number associated with their Twitter account.

The company said that during a recent investigation, it discovered and subsequently shut down a large network of fake accounts that may have been attempting to match a huge number of generated phone numbers to Twitter accounts.

It said it realized something was wrong when it observed “a particularly high volume” of attempts coming from individual IP addresses located within Iran, Israel, and Malaysia, adding, “It is possible that some of these IP addresses may have ties to state-sponsored actors.” Speaking to Reuters, a Twitter spokesperson said its team had particular concerns about Iran as the attackers seemed to have had unrestricted access to the social media platform despite it being banned in the country.

Twitter said it has now made changes to its system to prevent similar attacks in the future, and also shut down the accounts that it believed were attempting to exploit the flaw.

Background

The issue was first exposed in December 2019 by London-based security researcher Ibrahim Balic. It seems that it was Balic’s discovery that prompted Twitter’s investigation, which led to the suspected state-backed attackers. Balic showed that he was able to match 17 million phone numbers to Twitter accounts by uploading more than 2 billion random numbers to the service. The exercise enabled him to discover the phone numbers of various high-profile Twitter users, among them politicians and officials.

The incident is the latest in a series of security mishaps to hit Twitter. Late last year, for example, the company revealed it had patched a vulnerability in its Android app that could have let malicious actors view information of private accounts and take over profiles, and even send direct messages and tweets on the target account’s behalf. Another error saw the platform reveal the tweets of protected accounts.

Announcing details of security incidents is part of Twitter’s recently launched effort to be more transparent with its community of around 330 million people globally.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
What iPhone do I have? How to find out your iPhone model number
Close-up of the iPhone SE 2022 and iPhone 14 Plus camera modules.

Since its landmark introduction in 2007, Apple has released 42 iPhone models, and with at least four new ones introduced every fall, the company is showing no signs of slowing down.

In all that time, Apple has made relatively few significant design changes. The company tends to stick with established designs for three or four years before changing things up, which can sometimes make it difficult to tell which iPhone model you have —  especially if you're getting a secondhand iPhone (with no box to offer a hint) rather than a new one.

Read more
Use Comcast for internet? Your personal data may have been hacked
A building with the Xfinity logo on it.

Comcast, alongside several other big corporations, has recently suffered a devastating data breach. According to reports, it's possible that hackers got their hands on the data of up to 36 million Comcast Xfinity customers, meaning the company's cable television and internet department. Although the company is pretty tight-lipped about it, the data breach occurred over two months ago. Here's what we know and what you should do to protect yourself.

The hackers were able to access those masses of customer information through a vulnerability known as "CitrixBleed." It's found in Citrix networking devices that Comcast and other huge corporations use. The exploit was initially discovered in August and appears to have been used in cyberattacks on not just Comcast but also many other companies, including Boeing.

Read more
X, formerly Twitter, may be about to test 3 subscription tiers
A white X on a black background, which could be Twitter's new logo.

X owner Elon Musk said last month that the platform formerly known as Twitter would probably introduce a subscription fee for all of its users.

In the last few days, the story has taken a further twist after Bloomberg reported that the company is testing three subscription tiers, with those paying the most seeing the fewest number of adverts.

Read more