A security researcher has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in the social media’s Android app.
Ibrahim Balic told TechCrunch he uploaded entire lists of generated phone numbers through Twitter's contacts upload feature.
He said Twitter’s contacts upload feature doesn’t accept lists of phone numbers in sequential format. Instead, he generated more than 2 billion phone numbers, randomized them and uploaded them to Twitter through the Android app.
Balic matched records from users in Israel, Turkey, Iran, Greece, Armenia, France and Germany. He stopped after Twitter blocked the effort Dec. 20.
TechCrunch verified Balic’s findings by comparing a random selection of user names with the phone numbers he provided. In one case, the website identified a senior Israeli politician using their matched phone number.
Balic took many of the phone numbers of high-profile Twitter users to a WhatsApp group in an effort to warn users directly.
Last week, Twitter identified and removed nearly 6,000 accounts that it said were part of a coordinated effort by Saudi government agencies and individuals to advance the country's geopolitical interests.
About the Author
