Security Flaw Found in Twitter Account Matching


Twitter recently revealed that it has detected a potential security flaw in how phone numbers are matched to Twitter accounts. This flaw might have exposed some users’ personally identifying information through the app.

Twitter explained:

On December 24, 2019, we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation, because we believe it’s important that you are aware of what happened, and how we fixed it.

During the signup process for your Twitter account, Twitter asks to cross-match your phone and email contacts against its database. This is done to find people you might already know on the platform. Users can update this by going to ‘Settings and privacy > Privacy and safety > Discoverability and contacts’.

Twitter Vulnerability

Both of the options are active by default, which would allow people to find you on Twitter with your phone number. You can refresh this list at any time you like by going to ‘Manage Contacts’ at the bottom.

This feature is really good when you are trying to build connections from scratch. At the moment, however, it is a vulnerability, as hackers can also use it to collect users’ personal data.