17 million phone numbers to identify Twitter users ... what's the bug?

​

A security flaw was found in the Android Twitter app.

​

Ibrahim Balic, a security researcher in London, claimed that the phone number matched 17 million Twitter user accounts with 2 billion phone numbers randomly generated by the Android OS Twitter app. Uploading the full list of phone numbers to the Twitter app has a bug that returns matching user data. He saw it as a flaw in the Twitter app itself, and no problems were found with web-based Twitter.

​

Ibrahim said the records of seven celebrities of different nationalities, including senior Israeli politicians, matched.

​
​

On the 20th (local time), Twitter said, "A bad actor can view private account information or control the account." It was explained that tweets and location information were exposed. A few days before Ibrahim Balik's claim was reported. However, it is contrary to Ibrahim's claim in that it is judged to be caused by malware insertion.

​

Ibrahim did not mention the existence of malware. He said that simply knowing someone's phone number can get information.

​

According to Techcrunch, a Twitter spokesman said, "We are trying to prevent the bug from being used again." "After checking for bugs, we suspended the account used to improperly access people's personal information," he said. "We're focused on quickly blocking attacks."

​

​

This year alone, there were several Twitter security issues. In May, he admitted that there was a bug in his account's location data that would be shared even if the user hadn't set up data sharing under certain conditions. In August, he unintentionally provided excessive information to advertising agencies. Last month, the company admitted that the phone number or email address entered in the second verification was used for the target advertisement.

​

Meanwhile, Ibrahim Balik, who claimed the Twitter app bug, made a name by pointing out a security flaw found on Apple's developer site in 2013.