Hackers exploit Twitter account to find users Information

Twitter today had issued a warning to let its user know of a bug associated with it to allow attackers abused a legitimate functionality on its platform and unauthorizedly determine/ fetch its users phone number, these attack as reported by twitter today was been exploited to millions of its users. 

Twitter also made us understand according to its report that the vulnerability resided in one of its APIs that has been designed to make it easier for user(s) to find people they may already know on Twitter by  done by matching phone numbers saved on there twitter account. 

To be noted, the feature worked precisely as intended, except someone was not supposed to upload millions of randomly generated phone numbers and abuse Twitter to reveal profiles associated with the contact information users added to Twitter for enabling security features.

Twitter is actually not sure if this bug was exploited by a single adversary or exploited by multiple groups, Twitter also reported they were able to trace some accounts who participated in this Twitter bug attack,  based on its IP addresses as traced, this attack was dated to countries primarily from Israel , Iran and Malaysia.Twitter also believed this attack to be a state-sponsor attack  (likely to be). 

"We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it's important that you are aware of what happened, and how we fixed it," Twitter said in a blog post.

What is good is, Twitter had found a patch for the vulnerability , these vulnerability was reported last year around December 4th but it had announced it have found a patch for the vulnerability on its application.

Follow us on Telegram