InfoSec News & Investigations

Expert finds a Bug in Twitter that can Expose your Account Information

As if it wasn’t enough already, the famous social networking and microblogging website Twitter has recently suffered yet another data vulnerability. In a recent data breach incident, an expert claimed that he was able to exploit a Twitter bug and use it to match more than 17 million mobile numbers to user profiles. The list of accounts targeted includes prominent lawmakers and officials. The matching was achieved by exploiting a bug in Twitter’s Android application.

According to TechCrunch, security expert Ibrahim Balic discovered that it is possible to upload complete lists of generated contact information via the contact upload option in the Twitter app. “If you put in your contact information, i.e. the phone number, the app in return retrieves user information,” says Ibrahim. The users whose phone numbers were matched were from countries such as Germany, France, Armenia, Iran, Greece, Turkey, and Israel. In one particular case, the user whose number was matched was found to be a prominent Israeli politician, reports TechCrunch.

About the Bug
Ibrahim Balic started to alert users to this issue 2 months earlier, through a WhatsApp group. When Twitter learned of this, the microblogging platform immediately blocked his attempts. Ibrahim was able to steadily create more than 2 billion mobile numbers and, after rearranging the numbers created, uploaded them via the Twitter Android application. However, the vulnerability didn’t exist in the web-based Twitter app. It is yet to be confirmed whether Ibrahim’s activity was associated with the statement Twitter issued earlier this week, saying it had suffered a data exploit. Twitter admitted that a malicious bug was implanted into its application by an anonymous cyber-criminal, which could have jeopardized the information of numerous Twitterites across the world, including Indian users. Twitter, however, did not reveal the person responsible for the exploit.

What can this Vulnerability do? 
This exploit in the Twitter Android application can allow hackers to see users' personal information, and also gives them control of user accounts by allowing them to tweet or send messages. The researcher, Balic, is known for exposing a security flaw in Apple’s developer center in 2013. “We are working our best to ensure that the bug couldn’t be exploited again,” said the Twitter spokesperson. Twitter has faced various security issues this past year.
