11.02 2020 10:50h

Security Flaw Uncovered Regarding Twitter’s Phone Number Account Matching

The platform identifies cracks in its system and quickly fixes them

This week, Twitter revealed that it recently detected a security vulnerability in its account matching systems that may have exposed people’s personal information via the application.

“On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers,” Twitter explained.

“We immediately suspended these accounts and are disclosing the details of our investigation, because we believe it’s important that you are aware of what happened, and how we fixed it.”

When users first sign up for a Twitter account, Twitter provides an option to cross-match their existing phone and email contacts with Twitter’s database. This option allows them to find people they might know on the platform; users can update this at any time by going to ‘Settings and Privacy’, then ‘Privacy and safety’, and finally ‘Discoverability and Contacts.’

These options are active by default so that people who have the user’s phone number, or the number attached to their account, can find their Twitter profile. Ideally, these are the people users know in real life. To find the profiles of anyone listed in a user’s email and to refresh their contacts listing at any time, all the user has to do is tap ‘Manage Contacts’ at the bottom.

This feature comes in handy for users building connections from scratch; however, Twitter has now found out that hackers can also use it to gather personal data.

Through this process, scammers could theoretically obtain a user’s name and phone number, which could then be used to blackmail them with information posted via the user’s Twitter account.

As noted by TechCrunch, with many people also using their phone number for two-factor authentication, it could also potentially enable scammers to access your account.

“Additionally, we suspended any account we believe to have been exploiting this endpoint.”

Twitter says that it has made changes to its system so that it will no longer return specific account names in response to queries.

What are your thoughts? Let us know in the comments below.
