Twitter bug allowed 17 million phone numbers to be matched to user accounts: Report



A security researcher has said that he matched 17 million phone numbers to Twitter user accounts by exploiting a vulnerability in Twitter’s Android app.

Most of the users included high-profile politicians and officials based in countries like Israel, Turkey, Iran, Greece, Armenia, France and Germany.

Security researcher Ibrahim Balic found that it was possible to upload a complete list of generated phone numbers through Twitter’s contacts upload feature.

“If you upload your phone number, it fetches user data in return,” he was quoted as saying by TechCrunch.

He said that the social networking platform’s contact upload feature doesn’t accept lists of phone numbers in sequential format. Instead, he generated over two billion phone numbers, then randomized the numbers, and uploaded them to the social networking platform via the Android app.

Balic said that he began alerting Twitter users directly, but stopped after the website blocked his efforts on December 20. Balic had created a WhatsApp group to alert users.

The bug did not exist in the web-based upload feature.

It’s not yet confirmed whether Balic’s efforts are related to a Twitter statement last week, which admitted that malicious code was inserted into its app by a bad actor and could have compromised several Android users’ information worldwide, including in India.

Balic is previously known for identifying a security flaw breach that affected Apple’s developer center in 2013.

(With input from agencies)