Twitter has not had the best of years when it comes to data security or privacy concerns. Yes, it’s another Twitter security issue in the space of just a few days. The firm has admitted to accidentally sharing location data of some iOS users with a partner back in May and apologized for using users’ personal information for advertising without their consent.
Security researcher Ibrahim Balic told TechCrunch that Twitter’s Android app had a flaw that allowed him to match 17 million phone numbers with their respective user accounts. While Twitter’s contact upload feature doesn’t accept lists of phone numbers in sequential order, Balic discovered that he could generate phone numbers, randomize them and upload them to Twitter to learn who used a given number.
While the issue was not reported to Twitter directly, the researcher did share this information with some of the users whose numbers he found, warning them of the flaw. Accounts matched included ones from countries such as Israel, Turkey, Iran, Greece, Armenia, France, and Germany.
The researcher generated around two billion phone numbers in sequence over two months, randomized them, and uploaded them to the Twitter for Android app. However, Twitter blocked the researcher’s efforts on 20 December.
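A defender-side sketch of one plausible reason randomizing the list got past a restriction on sequential uploads, added here as an example and not taken from Twitter or the researcher. The article does not say how Twitter's check worked, so `ordered_run_check` is an assumed order-dependent rule, and `clustered_check`, its thresholds and the sample numbers are hypothetical.

```python
import random

def ordered_run_check(numbers, min_run=5):
    """Order-dependent: flags only when consecutive numbers sit next to each
    other in upload order. Assumed stand-in for a 'no sequential lists' rule."""
    run = 1
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur - prev == 1 else 1
        if run >= min_run:
            return True
    return False

def clustered_check(numbers, min_size=50, max_gap=10, threshold=0.5):
    """Order-independent: sort first, then measure how many neighbouring
    numbers lie within max_gap of each other. A real address book is sparse
    across the numbering space; a generated block stays dense however it
    is shuffled."""
    uniq = sorted(set(numbers))
    if len(uniq) < min_size:
        return False  # too small to judge; leave it to rate limits
    close = sum(1 for a, b in zip(uniq, uniq[1:]) if b - a <= max_gap)
    return close / (len(uniq) - 1) >= threshold

# Constructed sample data (fictional numbers, not from the article).
BLOCK = list(range(15550100000, 15550100200))   # generated in sequence
SHUFFLED = BLOCK[:]
random.Random(7).shuffle(SHUFFLED)               # same block, randomized order
ADDRESS_BOOK = random.Random(1).sample(range(10**10, 10**11), 200)  # sparse

if __name__ == "__main__":
    for name, upload in [("sequential", BLOCK), ("shuffled", SHUFFLED),
                         ("address book", ADDRESS_BOOK)]:
        print(f"{name:13} ordered={ordered_run_check(upload)} "
              f"clustered={clustered_check(upload)}")
```

A per-upload check like this complements, and does not replace, per-account limits on how many numbers can be resolved to accounts over time.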
The company hasn’t yet officially acknowledged the bug in the app, and it is not known. However, one would hope that the company provides an update on whether the bug allowing for such a breach has been fixed, or if users need to take any actions to secure their information.