Twitter says 'bad actors' matched users to phone numbers due to security flaw
Twitter has announced it has closed "a large network of fake accounts" after hackers exploited a feature tying mobile phone numbers to users.
The social media giant posted a tweet this morning:
We recently discovered an issue that allowed bad actors to match a specific phone number with the corresponding accounts on Twitter. We quickly corrected this issue and are sorry this happened. You can learn more about our investigation here: https://t.co/Z6Q4geQ8jo
— Twitter Support (@TwitterSupport) February 3, 2020
There is suspicion that the hack came from state-sponsored hackers in countries across the world, including Iran and Israel.
According to TechCrunch, security researcher Ibrahim Balic was able to manipulate this bug to match 17 million Twitter accounts to phone numbers, including those of politicians.
How do I know if I'm affected?
A hacker using this trick could reveal the identity of a person tweeting under a pseudonym who has their account tied to a phone number.
Twitter accounts can also be hacked through phone numbers attached to accounts.
Twitter states: "Often the best connections on Twitter are with people you already know. In order to help you make those connections, we use your email address and phone number to make your account discoverable to others."
Within the EU this feature was opt-in, meaning that unless you changed your settings to allow people to find you using your mobile number, your account is safe.
On the app: click your icon, go to 'settings and privacy', then 'privacy and safety', then scroll down, click on 'discoverability and contacts' and deselect the options.
However, if you have enabled users to find you via your mobile number, you can deactivate these settings. If you suspect your account has been targeted, contact Twitter at their Help Centre.
Currently, only the app version of Twitter has this security leak; the browser version is apparently fine.
Is Twitter secure?
All social media comes with data security risks. Facebook, Google, and Apple have all had their share of data security violations and risks. Twitter is no exception as the platform has around 330 million users worldwide.
Twitter was also caught last year after accidentally sending mobile phone numbers and email addresses, used for two-step authentication, to advertisers.