Source: Flaw in Twitter Android app lets researcher match 17 MILLION phone numbers with user accounts | Daily Mail Online. A security researcher is warning Android users not to upload their contacts to the Twitter app after he was able to match 17 million phone numbers to their respective user accounts.
- Researcher discovered a security flaw in Twitter’s Android app
- When he uploaded phone numbers, he could match them with user accounts
- Users were mostly from Israel, Turkey, Iran, Greece, Armenia and Germany
A researcher is warning Android users not to upload their contacts to Twitter after he was able to match 17 million phone numbers to their respective user accounts.
Ibrahim Balic uploaded a list of generated phone numbers through the contacts upload feature, which he told TechCrunch ‘fetches user data in return’.
Balic told TechCrunch that because the list would not be accepted in sequential format, he had to randomize the numbers before uploading them through the Android app – the flaw does not exist on the desktop site.
For two months he uploaded numbers, matching them to 17 million users in Israel, Turkey, Iran, Greece, Armenia, France and Germany.
He only stopped uploading numbers after Twitter blocked him on December 20th.
Although Balic did not alert Twitter to the bug, he took it upon himself to let high-profile users know about it via WhatsApp.
The flaw comes just a few months after Twitter found itself in hot water after a leak was exposing users’ personal data such as phone numbers and email addresses.
The social site said it mistakenly used the phone numbers and email addresses people provided for security purposes to show advertisements to its users but refused to say how many accounts were impacted.