TechCrunch is reporting a worrying bug in Twitter's Android app. Because of this vulnerability, it is possible to associate phone numbers with accounts on the social network.
The discovery was made by security analyst Ibrahim Balic. He was able to associate 17 million phone numbers with their accounts. Using the method discovered by the analyst, TechCrunch was able to identify an Israeli politician's account.
Vulnerability affects only the Twitter Android app
Analyst Ibrahim Balic has been able to prove that this vulnerability is only associated with Twitter's Android app. The web version of the social network does not have the same problem.
Balic says it was possible to associate numbers with social network accounts through the app's contact upload feature. The accuracy of the data obtained could then be verified using the password recovery option.
Over two months, the analyst was able to find several accounts from Israel, Turkey, Germany, Iran, Greece, Armenia and France. The analyst did not warn Twitter of this vulnerability, preferring to contact affected users via WhatsApp.
Twitter already fixed the problem on December 20th
To reassure all Twitter users, Ibrahim Balic said he could no longer perform this identification process after December 20th. Although it is no longer possible to exploit this bug, it is still advisable to change your login passwords.
On Twitter's side, the social network has not yet made any statements regarding the problem. The good news is that the issue already appears to be resolved, so check to see if you have the latest version of the app installed on your smartphone.
This is not the first time the social network has been involved in issues with the security of its users' data. Last May, Twitter admitted to providing its users' location data. More recently, it was discovered that the social network was using its users' phone numbers to target advertisements.