Twitter API abused to match of usernames to phone numbers – Security

Point out-sponsored risk actors are thought to have exploited social network Twitter’s software programming interface (API) to match usernames to cellular phone figures.

Twitter discovered an unnamed actor using a significant network of pretend accounts for the assault on Xmas Eve final year.

The pretend accounts have been suspended, and Twitter claimed they were found in a broad vary of countries.

Even so, Twitter’s stability staffers recognized that a specifically large volume of API requests arrived from internet protocol addresses found inside of Israel, Iran and Malaysia.

These IP addresses might have ties to condition sponsored actors, Twitter claimed.

The social network did not say how a lot of pretend accounts were employed for the assault, or how a lot of buyers were targetted.

TechCrunch reported that a researcher, Ibrahim Balic, was able to add lists with around two billion cellular phone figures he experienced generated, and ordered randomly, to

Read More