tech news

Twitter says state-backed actors may have accessed users’ phone numbers

SAN FRANCISCO: Twitter mentioned on Feb three that it had found makes an attempt by attainable state actors to entry the cellphone numbers related to consumer accounts, after a safety researcher unearthed a flaw within the firm’s “contacts add” function.

In a press release printed on its privateness weblog, Twitter mentioned it had recognized a “excessive quantity of requests” to make use of the function coming from IP addresses in Iran, Israel and Malaysia. It mentioned, with out elaborating, that “a few of these IP addresses might have ties to state-sponsored actors.”

An organization spokeswoman declined to say what number of consumer cellphone numbers had been uncovered, saying Twitter was unable to determine all the accounts that will have been impacted.

She mentioned Twitter suspected a attainable connection to state-backed actors as a result of the attackers in Iran appeared to have had unrestricted entry to Twitter, though the community is banned there.

Tech publication TechCrunch reported on Dec 24 {that a} safety researcher, Ibrahim Balic, had managed to match 17 million cellphone numbers to particular Twitter consumer accounts by exploiting a flaw within the contacts function of its Android app. TechCrunch mentioned it was in a position to determine a senior Israeli politician by matching a cellphone quantity via the instrument.

The function, which permits folks with a consumer’s cellphone quantity to seek out and join with that consumer on Twitter, is off by default for customers within the European Union the place stringent privateness guidelines are in place. It’s switched on by default for all different customers globally, the spokeswoman mentioned.

Twitter mentioned in its assertion that it has modified the function so it now not reveals particular account names in response to requests. It has additionally suspended any accounts believed to have been abusing the instrument.

Nevertheless, the corporate shouldn’t be sending particular person notifications to customers whose cellphone numbers have been accessed within the knowledge leak, which data safety specialists contemplate a greatest follow. – Reuters

Leave a Reply

Your email address will not be published. Required fields are marked *