Twitter Hacked – Hackers Exploited Twitter Vulnerability To Match Usernames to Phone Number using Fake Accounts

State-sponsored hackers exploited Twitter API vulnerability using a larger number of fake accounts to match the usernames to the phone numbers.

Twitter observed a high volume of IP requests coming from particular countries, and the attackers believed to originated from Iran, Israel, and Malaysia.

In this attack, Threat actors tried to match a specific phone number with the corresponding accounts on Twitter, and the fake accounts used in this attack are located in a wide range of countries.

Twitter using an API that helps users to identify the people who may already be known by matching their phone number the twitter accounts.

Also, the investigation report reveals that some of IP’s are that involved in this cyber attack was associated with some of the state-sponsored hacker’s group.

According to Twitter press release report, “When used as intended, this endpoint makes it easier for new account holders to find people they may already know on Twitter. The endpoint matches phone numbers to Twitter accounts for those people who have enabled the “Let people who have your phone number find you on Twitter” option and who have a phone number associated with their Twitter account.”

The users who did not have this setting enabled or do not have a phone number associated with their account were not exposed by this vulnerability. 

In results, Twitter has been suspended the account which suspected to be used a part of this attack and made a number of changes to this endpoint so that it could no longer return specific account names.

Twitter also said that they remain focused on stopping the abuse of Twitter’s API as quickly as possible.

Cyber security News reported another twitter vulnerability for Android at the end of the last year Vulnerability Let Hackers Send Tweets, Access Users Direct Messages, Location Information

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

View Comments

Recent Posts

Palo Alto Networks PAN-OS Zero-day Under Active Attack

In a recent security alert, Palo Alto Networks has disclosed a critical vulnerability within its…

9 hours ago

DuckDuckGo Launches Privacy Pro : 3-In-1 Service With VPN

DuckDuckGo is a search engine that takes users' privacy seriously. It does not track or…

10 hours ago

Wiz to Acquire Gem Security for $350M to Address Cloud Security

Wiz, a leading cloud security company, has announced its acquisition of Gem Security for $350…

15 hours ago

Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System

Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux, and Endpoint Security for…

15 hours ago

Ukrainian Hackers Hijacked 87,000 Sensors to Shut down Sewage System

Ukrainian hackers have successfully infiltrated and disabled a vast network of industrial sensors and monitoring…

16 hours ago

Zscaler Acquires Airgap Networks to Enhance Zero Trust SASE

Zscaler has announced the acquisition of Airgap Networks, a company renowned for its agentless segmentation…

18 hours ago