Thursday, December 3, 2020

Twitter suspends ‘large network’ of fake accounts used to match phone numbers to users

Twitter announced today that over the holidays it identified and shut down “a large network of fake accounts,” as well as many others “located in a wide range of countries,” collectively abusing a feature that let them match phone numbers to user accounts.

TechCrunch previously reported this same issue on December 24, which is also the day Twitter says that it “became aware” that the abuse was taking place. Security researcher Ibrahim Balic found that a bug in Twitter’s Android app let him submit millions of phone numbers through an official API, which returned any associated user account.

The feature is intended, if you have enabled it, to let friends who have your number look up your Twitter handle. But obviously submitting millions of numbers goes “beyond its intended use case.”

If you had turned this feature off, you weren’t affected by this bug. Fortunately for users in the EU this was opt-in there. But for the rest of the world it’s opt-out — so if you had a phone number associated with your account, you may have been affected.

Furthermore, the phone numbers include those provided for purposes of two-factor authentication, so those outside the EU may have been vulnerable to this exploit without realizing it.

It seems that after Twitter was alerted to the issue and shut down the original network (presumably Balic’s), its investigators identified many more accounts that were exploiting this flaw, though a representative declined to provide a number or estimate.

“We observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia,” wrote the company in a security bulletin. “It is possible that some of these IP addresses may have ties to state-sponsored actors,” the post continued.

This suspicion was justified by the observation of unrestricted access to Twitter from the IPs in Iran, where the platform is blocked from general access — suggesting government involvement. Balic, when contacted by TechCrunch, said that his work was not state-sponsored in any way.

Any account suspected of abusing the feature was suspended, and the API itself has been modified to prevent any further exploitation of this type. I’ve asked the company how many accounts were suspended and will update this post if I hear back.
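The two defensive points in this story are the per-IP volume signal Twitter describes in its bulletin and the change to the API itself. The following is an added example, not Twitter's code or TechCrunch's: it assumes a hypothetical contact-matching endpoint (`POST /contacts/match`) whose access log records a client IP, the calling account and the number of phone numbers in each batch. It runs a sliding-window detector over constructed log lines to flag a source submitting far more numbers than a genuine address-book sync would, and shows a server-side match routine that caps batch size and only returns accounts whose owners have opted in to discoverability.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Log format is an assumption for this example:
# "<ISO timestamp> <client_ip> <account_id> POST /contacts/match batch=<count>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<acct>\S+) POST /contacts/match batch=(?P<batch>\d+)$"
)

# Constructed sample traffic: two ordinary clients, plus one IP that rotates
# through several accounts and submits large batches in rapid succession.
SAMPLE_LOG = """\
2019-12-24T10:00:01Z 198.51.100.4 acct_a POST /contacts/match batch=40
2019-12-24T10:00:05Z 203.0.113.7 acct_x POST /contacts/match batch=500
2019-12-24T10:00:06Z 203.0.113.7 acct_y POST /contacts/match batch=500
2019-12-24T10:00:07Z 203.0.113.7 acct_z POST /contacts/match batch=500
2019-12-24T10:00:08Z 203.0.113.7 acct_x POST /contacts/match batch=500
2019-12-24T10:30:00Z 198.51.100.9 acct_b POST /contacts/match batch=12
2019-12-24T11:30:00Z 203.0.113.7 acct_x POST /contacts/match batch=500
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, account, batch_size) tuples."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a match request; ignore
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append((ts, m["ip"], m["acct"], int(m["batch"])))
    return records


def flag_high_volume_ips(records, window_seconds=3600, max_numbers=1000):
    """Flag IPs whose submitted phone numbers in any sliding window exceed max_numbers.

    Returns {ip: {"peak_numbers": n, "accounts": distinct_accounts_seen}}.
    Thresholds are illustrative; real values come from baselining genuine sync traffic.
    """
    by_ip = defaultdict(list)
    for ts, ip, acct, batch in records:
        by_ip[ip].append((ts, acct, batch))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        total, start, peak = 0, 0, 0
        for end in range(len(events)):
            total += events[end][2]
            # Shrink the window from the left until it spans at most window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                total -= events[start][2]
                start += 1
            peak = max(peak, total)
        if peak > max_numbers:
            flagged[ip] = {
                "peak_numbers": peak,
                "accounts": len({acct for _, acct, _ in events}),
            }
    return flagged


def match_contacts(numbers, directory, discoverable, max_batch=100):
    """Server-side contact matching that caps batch size and honours opt-in.

    directory maps phone number -> account handle; discoverable maps handle -> bool
    (True only if the owner enabled "let people find me by my phone number").
    """
    if len(numbers) > max_batch:
        raise ValueError(f"batch of {len(numbers)} exceeds limit of {max_batch}")
    return {
        n: directory[n]
        for n in numbers
        if n in directory and discoverable.get(directory[n], False)
    }


if __name__ == "__main__":
    print(flag_high_volume_ips(parse_log(SAMPLE_LOG)))
    # Constructed directory: alice opted in, bob did not.
    directory = {"+15550000001": "alice", "+15550000002": "bob"}
    discoverable = {"alice": True, "bob": False}
    print(match_contacts(["+15550000001", "+15550000002", "+15550000003"], directory, discoverable))
```

The detector keys on the same two signals the bulletin mentions, volume per source IP and many accounts driving it, rather than on any single request looking malformed; each individual call to `match_contacts` is legitimate, which is why the limit has to be enforced across calls. Making discoverability opt-in (as it already was in the EU) removes users who never wanted the feature from the matchable set entirely, independent of how well the rate limit is tuned.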

Twitter has had numerous incidents where it exposed or leaked user data over the last year. In addition to sharing rather too much data with its ad partners, the company admitted it used phone numbers used for two-factor authentication to serve targeted ads.

Source: TechCrunch
