Twitter says state-backed attackers may have nabbed phone numbers

Twitter has revealed more details about a security incident that allowed attackers to discover phone numbers attached to numerous accounts on its platform.

The process involved exploiting a feature, which, when used in the intended way, lets new sign-ups find friends who are already on Twitter by inputting their phone number. The feature works for those who have enabled the “Let people who have your phone number find you on Twitter” option and who have a phone number associated with their Twitter account.

The company said that during a recent investigation, it discovered and subsequently shut down a large network of fake accounts that may have been attempting to match a huge number of generated phone numbers to Twitter accounts.

It said it realized something was wrong when it observed “a particularly high volume” of attempts coming from individual IP addresses located within Iran, Israel, and Malaysia, adding, “It is possible that some of these IP addresses may have ties to state-sponsored actors.” Speaking to Reuters, a Twitter spokesperson said its team had particular concerns about Iran as the attackers seemed to have had unrestricted access to the social media platform despite it being banned in the country.

Twitter said it has now made changes to its system to prevent similar attacks in the future, and also shut down the accounts that it believed were attempting to exploit the flaw.
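The signal described above (a high volume of matching attempts from individual IP addresses, spread across many accounts) can be checked for in lookup logs. The sketch below is an added example, not Twitter's code: the log format, field names, and thresholds are assumptions, and the log lines are constructed. It also flags a low match rate, since generated numbers rarely hit a real account (Balic's 17 million matches from more than 2 billion numbers is under 1%).

```python
import re
from collections import defaultdict

# Constructed log lines for a hypothetical contact-lookup endpoint (format is an assumption).
SAMPLE_LOG = """\
2020-01-10T09:00:01Z ip=198.51.100.20 account=u1001 uploaded=312 matched=97
2020-01-10T09:00:05Z ip=203.0.113.7 account=f0001 uploaded=5000 matched=44
2020-01-10T09:00:09Z ip=203.0.113.7 account=f0002 uploaded=5000 matched=39
2020-01-10T09:00:14Z ip=203.0.113.7 account=f0003 uploaded=5000 matched=47
2020-01-10T09:01:30Z ip=192.0.2.55 account=u2040 uploaded=1450 matched=510
2020-01-10T09:02:02Z ip=203.0.113.7 account=f0004 uploaded=5000 matched=41
"""

LINE_RE = re.compile(
    r"ip=(?P<ip>\S+) account=(?P<account>\S+) "
    r"uploaded=(?P<uploaded>\d+) matched=(?P<matched>\d+)"
)

def summarize(log_text):
    """Aggregate per source IP: numbers tried, numbers matched, accounts used."""
    stats = defaultdict(lambda: {"uploaded": 0, "matched": 0, "accounts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip malformed lines
        s = stats[m["ip"]]
        s["uploaded"] += int(m["uploaded"])
        s["matched"] += int(m["matched"])
        s["accounts"].add(m["account"])
    return stats

def flag_enumeration(log_text, min_uploaded=10_000, max_hit_ratio=0.05, min_accounts=3):
    """Return IPs with high lookup volume, a low match rate, and several accounts."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        ratio = s["matched"] / s["uploaded"] if s["uploaded"] else 0.0
        if (s["uploaded"] >= min_uploaded and ratio <= max_hit_ratio
                and len(s["accounts"]) >= min_accounts):
            flagged[ip] = {"uploaded": s["uploaded"], "matched": s["matched"],
                           "hit_ratio": ratio, "accounts": len(s["accounts"])}
    return flagged

if __name__ == "__main__":
    for ip, info in flag_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The two ordinary address-book uploads in the sample stay below the volume threshold and have match rates around 30%, so only the source cycling through several accounts with large, mostly unmatched uploads is flagged.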

Background

The issue was first exposed in December 2019 by London-based security researcher Ibrahim Balic. It seems that it was Balic’s discovery that prompted Twitter’s investigation, which led to the suspected state-backed attackers. Balic showed that he was able to match 17 million phone numbers to Twitter accounts by uploading more than 2 billion random numbers to the service. The exercise enabled him to discover the phone numbers of various high-profile Twitter users, among them politicians and officials.

The incident is the latest in a series of security mishaps to hit Twitter. Late last year, for example, the company revealed it had patched a vulnerability in its Android app that could have let malicious actors view information of private accounts and take over profiles, and even send direct messages and tweets on the target account’s behalf. Another error saw the platform reveal the tweets of protected accounts.

Announcing details of security incidents is part of Twitter’s recently launched effort to be more transparent with its community of around 330 million people globally.

Trevor Mogg
Contributing Editor