An attacker took advantage of Twitter’s API security flaw to match usernames to phone numbers. 

Twitter disclosed a security incident in which third parties exploited the company’s official API to match phone numbers with Twitter usernames.

The company said it became aware of exploitation attempts against the API flaw on December 24, 2019, following a report from TechCrunch. The report detailed the efforts of a security researcher who abused a Twitter API feature to match 17 million phone numbers to public usernames.

According to Twitter, the attackers exploited a legitimate API endpoint that allows new account holders to find people they know on Twitter. The API endpoint allows users to submit phone numbers and matches them to known Twitter accounts.


The company stated that the attacks did not impact all Twitter users, but only those who enabled an option in their settings section to allow phone number-based matching.

Those who didn’t have the phone number search setting enabled are not at risk, and Twitter has provided a form for those who have further concerns. However, it may be worth assuming that scammers could have your name and phone number, and could use your corresponding Twitter account details for nefarious purposes.
