11.02 2020 10:50h

Security Flaw Uncovered Regarding Twitter’s Phone Number Account Matching

The platform identifies cracks in its system and quickly fixes them

This week, Twitter revealed that it recently detected a security vulnerability in its account-matching systems that may have exposed people’s personal information via the application.

“On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers,” Twitter explained.

“We immediately suspended these accounts and are disclosing the details of our investigation, because we believe it’s important that you are aware of what happened, and how we fixed it.”

When users first sign up for a Twitter account, Twitter provides an option where they can cross-match their existing phone and email contacts with Twitter’s database. This option allows them to find people they might know on the platform; users can update this at any time by going to ‘Settings and Privacy’, then ‘Privacy and safety’ and finally ‘Discoverability and Contacts.’

These options are active by default in order to enable people with the user’s phone number or the number attached to their account to find their Twitter profile – ideally the people users know in real life. To find profiles of anyone listed in a user’s email and to refresh their contacts listing at any time, all the user has to do is tap on ‘Manage Contacts’ at the bottom.

This feature comes in handy for users building connections from scratch; however, Twitter has now found out that hackers can also use it to gather personal data.

Through this process, scammers could obtain the user’s name and phone number, which could then, theoretically, be used to blackmail them with information posted via the user’s Twitter account.

As noted by TechCrunch, with many people also using their phone number for two-factor authentication, this could also, potentially, enable scammers to access a user’s account.

"Additionally, we suspended any account we believe to have been exploiting this endpoint."

Twitter says that it has made changes to its system so that it will no longer return specific account names in response to queries.
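For teams operating a similar contact-matching feature, the following added example (not Twitter's code and not part of the original article) shows one way to spot lookups spread across many accounts. The log format, the block size, the thresholds, and all function names are assumptions, as is the premise that the lookups cover contiguous number ranges.

```python
from collections import defaultdict

BLOCK = 1000  # numbers that differ only in their last 3 digits share a block


def build_sample_log():
    """Constructed (account, phone) lookup records; not real data."""
    log = [("alice", "+15550101234"), ("alice", "+15550178890"),
           ("bob", "+15550143321"), ("bob", "+15550199002")]
    # 20 accounts look up 40 consecutive numbers each: every account stays
    # small, but together they cover 80% of one block of 1000 numbers.
    for acct in range(20):
        for i in range(40):
            log.append((f"fake_{acct:02d}", f"+1555020{acct * 40 + i:04d}"))
    return log


def busiest_account(log):
    """Largest number of lookups made by any single account."""
    counts = defaultdict(int)
    for account, _ in log:
        counts[account] += 1
    return max(counts.values())


def flag_enumerated_blocks(log, min_coverage=0.5, min_accounts=5):
    """Blocks where several accounts jointly looked up most of the numbers."""
    numbers, accounts = defaultdict(set), defaultdict(set)
    for account, phone in log:
        value = int(phone.lstrip("+"))
        numbers[value // BLOCK].add(value)
        accounts[value // BLOCK].add(account)
    flagged = {}
    for block, seen in numbers.items():
        coverage = len(seen) / BLOCK
        if coverage >= min_coverage and len(accounts[block]) >= min_accounts:
            flagged[block] = {"coverage": coverage,
                              "accounts": len(accounts[block])}
    return flagged


if __name__ == "__main__":
    sample = build_sample_log()
    print("max lookups by one account:", busiest_account(sample))
    for block, info in flag_enumerated_blocks(sample).items():
        print(f"block {block}xxx: {info}")
```

A per-account rate limit alone would not fire on this sample, because no single account exceeds 40 lookups; the signal only appears when coverage is aggregated across accounts.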

