Twitter revealed that it found and suspended accounts that abused a feature allowing users to match phone numbers with usernames. The announcement of the privacy issue also confirmed a vulnerability discovered by researcher Ibrahim Balic in December 2019.
According to the earlier report, Balic exploited a flaw in Twitter's Android application to match 17 million telephone numbers with Twitter user accounts. A Twitter spokesman later said the company was working to ensure that the loophole could not be exploited again.
We recently discovered an issue that allowed bad actors to match a specific phone number with the corresponding accounts on Twitter. We quickly corrected this issue and are sorry this happened. You can learn more about our investigation here: https://t.co/Z6Q4geQ8jo
— Twitter Support (@TwitterSupport) February 3, 2020
The company said it found more fake accounts that exploited the vulnerability. According to the IP addresses tracked by Twitter, these new accounts came from multiple countries, but most came from Iran, Israel, and Malaysia.
In addition, Twitter has suspended all the offending accounts it has discovered and modified its API so that the phone-number matching capability can no longer be abused in this way.
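The abuse pattern described above, bulk phone-number matching driven through many throwaway accounts, is something a platform can look for in its own contact-sync logs. The following is an added Python example, not Twitter's code; the event format, thresholds and sample accounts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of contact-sync lookup events, one per upload batch:
# (account_id, source_ip, list of phone numbers uploaded for matching).
# Genuine address books are bounded in size; an enumerator feeds many
# batches of generated numbers through many throwaway accounts.
SAMPLE_EVENTS = [
    ("alice", "198.51.100.10", ["+15550100", "+15550101", "+15550155"]),
    ("bob", "198.51.100.11", ["+15550200", "+15550201"]),
]
# Five throwaway accounts share one source IP and each upload 60 sequential numbers.
for i in range(5):
    start = 15551000 + i * 60
    SAMPLE_EVENTS.append((f"farm{i}", "203.0.113.5", [f"+{n}" for n in range(start, start + 60)]))


def detect_bulk_matching(events, max_numbers_per_account=50, max_accounts_per_ip=4):
    """Return {account: [reasons]} for accounts whose matching behaviour looks like enumeration.

    Two signals (thresholds are assumed, tune to real traffic):
      * more distinct numbers uploaded than a plausible address book holds;
      * the account shares a source IP with many other uploading accounts (account farm).
    """
    numbers_by_account = defaultdict(set)
    accounts_by_ip = defaultdict(set)
    ips_by_account = defaultdict(set)
    for account, ip, numbers in events:
        numbers_by_account[account].update(numbers)
        accounts_by_ip[ip].add(account)
        ips_by_account[account].add(ip)

    flagged = {}
    for account, numbers in numbers_by_account.items():
        reasons = []
        if len(numbers) > max_numbers_per_account:
            reasons.append(f"uploaded {len(numbers)} distinct numbers (limit {max_numbers_per_account})")
        farm_ips = sorted(ip for ip in ips_by_account[account] if len(accounts_by_ip[ip]) >= max_accounts_per_ip)
        if farm_ips:
            reasons.append(f"shares source IP {','.join(farm_ips)} with {len(accounts_by_ip[farm_ips[0]])} accounts")
        if reasons:
            flagged[account] = reasons
    return flagged


if __name__ == "__main__":
    for account, reasons in detect_bulk_matching(SAMPLE_EVENTS).items():
        print(account, "->", "; ".join(reasons))
```

Flagged accounts are candidates for suspension and for rate limiting of the matching endpoint, which is the kind of API change the article describes.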