 "Twitter says state-backed actors may have accessed users' phone numbers")
Twitter said on Monday that it had discovered attempts by possible state actors to access the phone numbers associated with user accounts, after a security researcher unearthed a flaw in the company's "contacts upload" feature.
In a statement published on its privacy blog, Twitter said it had identified a "high volume of requests" to use the feature coming from IP addresses in Iran, Israel and Malaysia. It said, without elaborating, that "some of these IP addresses may have ties to state-sponsored actors."
A company spokeswoman declined to say how many user phone numbers had been exposed, saying Twitter was unable to identify all of the accounts that may have been impacted.
She said Twitter suspected a possible connection to state-backed actors because the attackers in Iran appeared to have had unrestricted access to Twitter, even though the network is banned there.
Tech publication TechCrunch reported https://techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers on Dec. 24 that a security researcher, Ibrahim Balic, had managed to match 17 million phone numbers to specific Twitter user accounts by exploiting a flaw in the contacts feature of its Android app. TechCrunch said it was able to identify a senior Israeli politician by matching a phone number through the tool.
The feature, which allows people with a user's phone number to find and connect with that user on Twitter, is off by default for users in the European Union where stringent privacy rules are in place. It is switched on by default for all other users globally, the spokeswoman said.
Twitter said in its statement that it has changed the feature so it no longer reveals specific account names in response to requests. It has also suspended any accounts believed to have been abusing the tool.
However, the company is not sending individual notifications to users whose phone numbers were accessed in the data leak, which information security experts consider a best practice.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%