Twitter admits someone exploited its phone number matching system
In yet another security lapse, Twitter admitted that someone used fake accounts to exploit its API and match usernames to phone numbers, abusing the feature that lets users find people by phone number.
On its official blog, Twitter revealed that it became aware on December 24, 2019, of malicious actors who were using a large network of fake accounts, and that it immediately suspended those accounts.
The company revealed that the high volume of accounts was traced to IP addresses located within Iran, Israel, and Malaysia, with some IPs possibly tied to state-sponsored actors.