Skip to main content

Twitter says state-backed attackers may have nabbed phone numbers

 

Twitter has revealed more details about a security incident that allowed attackers to discover phone numbers attached to numerous accounts on its platform.

Recommended Videos

The process involved exploiting a feature, which, when used in the intended way, lets new sign-ups find friends who are already on Twitter by inputting their phone number. The feature works for those who have enabled the “Let people who have your phone number find you on Twitter” option and who have a phone number associated with their Twitter account.

The company said that during a recent investigation, it discovered and subsequently shut down a large network of fake accounts that may have been attempting to match a huge number of generated phone numbers to Twitter accounts.

It said it realized something was wrong when it observed “a particularly high volume” of attempts coming from individual IP addresses located within Iran, Israel, and Malaysia, adding, “It is possible that some of these IP addresses may have ties to state-sponsored actors.” Speaking to Reuters, a Twitter spokesperson said its team had particular concerns about Iran as the attackers seemed to have had unrestricted access to the social media platform despite it being banned in the country.

Twitter said it has now made changes to its system to prevent similar attacks in the future, and also shut down the accounts that it believed were attempting to exploit the flaw.

Background

The issue was first exposed in December 2019 by London-based security researcher Ibrahim Balic. It seems that it was Balic’s discovery that prompted Twitter’s investigation, which led to the suspected state-backed attackers. Balic showed that he was able to match 17 million phone numbers to Twitter accounts by uploading more than 2 billion random numbers to the service. The exercise enabled him to discover the phone numbers of various high-profile Twitter users, among them politicians and officials.

The incident is the latest in a series of security mishaps to hit Twitter. Late last year, for example, the company revealed it had patched a vulnerability in its Android app that could have let malicious actors view information of private accounts and take over profiles, and even send direct messages and tweets on the target account’s behalf. Another error saw the platform reveal the tweets of protected accounts.

Announcing details of security incidents is part of Twitter’s recently launched effort to be more transparent with its community of around 330 million people globally.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
The Galaxy S25 Ultra may have another edge over the iPhone 16 Pro Max
The Desert Titanium iPhone 16 Pro.

The Samsung Galaxy S25 Ultra is not likely to be revealed until early next year. However, that hasn't stopped a flood of rumors from circulating in recent months. The latest one comes from someone familiar, Ice Universe.

According to the leaker, the Galaxy S25 Ultra has bested Apple's recently released iPhone 16 Pro Max in terms of benchmarks. A result shared with Ice Universe showed that the phone achieved a single-core score of 3,011 and a multi-core result of 9,706. By contrast, its predecessor, the Galaxy S24 Ultra, has an average single-core score of 2,142 and an average multi-core score of 6,693. These are both significant jumps from one generation to the next.

Read more
Samsung may have a big design change in store for its next folding phone
The hinge on the Samsung Galaxy Z Fold 6.

More news is being reported about the rumored Samsung Galaxy Z Fold 6 Slim. And once again, the news suggests that the new foldable could take some design cues from the company’s Galaxy S24 Ultra.

According to The Elec, the new phone could have a titanium backplate similar to the company’s flagship. If true, this would make the Galaxy Z Fold 6 Slim the company’s first titanium foldable. Until now, Samsung's foldables have featured stainless steel or carbon fiber reinforced plastic (CFRP) for their backplates.

Read more
The iPhone 16 Pro may have a larger battery than we expected
The side of the Apple iPhone 15 Pro Max.

With Apple’s new iPhone 16 models expected to launch sometime this fall, we’re getting more clarity on the likely specs, including even more details about the battery capacity boost we’re likely to see on the iPhone 16 Pro Max and iPhone 16 Pro.

The latest report comes from Weibo user Instant Digital, who corroborates an earlier leak from @MajinBuOfficial from February.  Instant Digital expects the iPhone 16 Pro to have a 3,577mAh capacity and the iPhone 16 Pro Max to have a 4,676mAh battery.

Read more