Another security hole found on Twitter

Information security researcher Ibrahim Balic discovered a vulnerability in the Twitter mobile application for Android that allowed him to match 17 million phone numbers with the corresponding user accounts of the social network.

The researcher created a database of 2 billion mobile phone numbers and then uploaded them in random order into the Twitter mobile application, thereby obtaining information about the users associated with them. During his research, Balic collected data on Twitter users from France, Greece, Turkey, Iran, Israel and a number of other countries, including high-ranking officials and significant political figures.

Balic did not notify Twitter about the vulnerability, but he warned some users directly. The researcher's work was interrupted on December 20, after the Twitter administration blocked the accounts used to collect information.

Twitter spokeswoman Aly Pavela said the company takes such reports “seriously” and is actively looking into Balic's activities. It was also said that the company does not approve of the researcher's approach, since he publicly announced the discovery of the vulnerability instead of contacting Twitter representatives.

“We take reports like this seriously and review them carefully to ensure that the vulnerability cannot be reused. When the problem became known, we suspended accounts used to improperly access people's personal information. Protecting the privacy and security of people who use Twitter is a priority. We will continue to work to quickly address abuse of Twitter's APIs,” said Aly Pavela.



Source: 3dnews.ru
