State-sponsored hackers exploited a Twitter API vulnerability, using a large number of fake accounts to match usernames to phone numbers.
Twitter observed a high volume of requests coming from IP addresses in particular countries, and the attackers are believed to have originated from Iran, Israel, and Malaysia.
In this attack, threat actors tried to match specific phone numbers with the corresponding Twitter accounts; the fake accounts used in the attack were located in a wide range of countries.
Twitter uses an API that helps users identify people they may already know by matching their phone numbers to Twitter accounts.
The investigation also revealed that some of the IP addresses involved in this attack were associated with state-sponsored hacking groups.
According to Twitter's press release, “When used as intended, this endpoint makes it easier for new account holders to find people they may already know on Twitter. The endpoint matches phone numbers to Twitter accounts for those people who have enabled the “Let people who have your phone number find you on Twitter” option and who have a phone number associated with their Twitter account.”
Users who did not have this setting enabled, or who did not have a phone number associated with their account, were not exposed by this vulnerability.
As a result, Twitter has suspended the accounts suspected of being used as part of this attack and made a number of changes to the endpoint so that it no longer returns specific account names.
Twitter also said that it remains focused on stopping abuse of Twitter's API as quickly as possible.
Cyber Security News reported another Twitter vulnerability, affecting Android, at the end of last year: Vulnerability Let Hackers Send Tweets, Access Users Direct Messages, Location Information