A bug where personal information is easily obtained via the phone number in the Twitter application is discovered



Exploiting security bugs in the features implemented by the Twitter app has revealed that it has been possible to obtain user personal information.

A Twitter app bug was used to match 17 million phone numbers to user accounts | TechCrunch

Security researcher Ibrahim Balic points out that there is a security flaw in Twitter's official ' how to upload and manage contacts '. According to Balic, `` If you upload your own phone number, the user information of your Twitter account will be returned '', pointing out that there is a risk that the user's personal information will be easily known doing.

According to Balic, Twitter's 'How to upload and manage your contacts' prevents users from getting personal information even when a continuous list of phone numbers is uploaded. This is clearly a feature to prevent trying to use the 'how to upload and manage contacts' to retrieve personal information for accounts linked to phone numbers.

However, if you automatically generate more than 2 billion phone numbers, randomize and upload them via the Android app version of Twitter, you will be able to obtain personal information of accounts associated with a huge number of phone numbers And that. If you have your phone number and Twitter user's personal information at hand, you can reset your password and log in to your account illegally.



Balic has been trying to match personal information with automatically generated phone numbers for two months using the `` method of uploading and managing contacts '', and the personal information obtained was mainly Israel, Turkey, According to users of Iran, Greece, Armenia, France and Germany. In addition, Twitter, which detected Mr. Balic's efforts on December 20, 2019, blocked access, so it seems that it was not possible to continue investigation after that.

Balic is providing TechCrunch, an international media, with a sample of phone numbers from which personal information can be obtained. TechCrunch independently researched the phone numbers and personal information it had obtained, and found that the sample included information on Israeli politicians.

Balic hasn't warned Twitter of the vulnerabilities he has discovered, but some of the most prominent Twitter users, such as politicians and government officials, have phone numbers for accounts where personal information could be obtained. It seems that he warned directly using WhatsApp.

by MikeRenpening

When TechCrunch contacted Twitter about the matter, a spokeswoman said, 'We're working to make sure this bug isn't being exploited again. The privacy and security of those who use Twitter is our top priority, and we continue to focus on quickly stopping spam and abuse resulting from the Twitter API. It is said that there was an answer.

in Mobile,   Software,   Security, Posted by logu_ii