The Twitter Android app had a flaw that allowed 17 million phone numbers to be matched to Twitter usernames.
If automatic updates for your Twitter app are turned off, it’s time to turn them on.
Can you imagine someone taking over your Twitter account and sending messages and tweets?
The bug can allow hackers to see non-public account information or control the victim’s account. In simple words, the intruder will be able to send Tweets and Direct Messages.
Security researcher Ibrahim Balic generated two billion phone numbers, one after another, then randomised the numbers and uploaded them to Twitter through the Android app.
Over a two-month period, Balic matched records from Israel, Turkey, Iran, Greece, Armenia, France and Germany, but stopped after Twitter blocked the effort on December 20.
“We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution,” Twitter said in a blog post.
Twitter has also emailed its users about the flaw and asked them to immediately update their Twitter Android app to prevent their accounts from getting hacked.
The issue was fixed in “version 7.93.4 (released November 4, 2019, for KitKat) as well as version 8.18 (released October 21, 2019, for Lollipop and newer).”
“Upon learning of this bug, we suspended the accounts used to inappropriately access people’s personal information. Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on rapidly stopping spam and abuse originating from the use of Twitter’s APIs,” the spokesperson said.