"... we observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia. ..." https://t.co/7G7G8e9kxK
— Vahid Online (@Vahid) February 3, 2020
— TJ Smith (@tjsmith) February 3, 2020
There now probably exists somewhere a list of phone numbers and account usernames. This puts 2FA security at risk for all those accounts.
Make sure your 2FA is secured via third party authorization app, not via text message https://t.co/wFDex9qxaq
We recently discovered an issue that allowed bad actors to match a specific phone number with the corresponding accounts on Twitter. We quickly corrected this issue and are sorry this happened. You can learn more about our investigation here: https://t.co/Z6Q4geQ8jo
— Twitter Support (@TwitterSupport) February 3, 2020
Just about everyone who demands a phone number ends up misusing it. https://t.co/D8Pf93JNuQ
— Emin Gün Sirer (@el33th4xor) February 3, 2020
BREAKING: Twitter says a suspected state-sponsored actor used its API to match usernames to phone numbers
— Catalin Cimpanu (@campuscodi) February 3, 2020
- Attack took place on December 24, 2019
- Twitter said attack came from IPs in Iran, Israel, and Malaysia https://t.co/EHSbpwcTsP pic.twitter.com/ulWUmfF5L6
could mean many Iranian users were at risk:
— Hadi Nili (@HadiNili) February 3, 2020
twitter says some ppl were using large network of fake acc's to exploit its API & match usernames to phone numbers- high vol of such requests coming from addresses in Iran, Israel, & Malaysia, w/ possible ties to state-sponsored actors. https://t.co/TAjKs1dMeR
I don't understand. The attack worked only against users who configured accounts to be matched to their phone number. That means these users chose to allow people to match phone numbers to accounts, right? If so, how is this an attack? What am I missing? https://t.co/uoHopZHtoi
— Dan Goodin (@dangoodin001) February 4, 2020
Twitter has really hashed up this disclosure. No wonder initial reports got this wrong. Twitter still needs to explain its attribution here.
— Zack Whittaker (@zackwhittaker) February 3, 2020
My @TechCrunch colleague, who isn't on Twitter (lucky him) has an accurate understanding of what went on. https://t.co/rwzPLqnhVc
Twitter data breach. Only potentially impacted when you have the option “let people who have your phone number find you...” enabled and your phone number set in Twitter. Remove your phone number, better safe than sorry! it’s not needed anymore for 2FA anyway #Infosec #GDPR https://t.co/K9v0u1COrr
— John Opdenakker (@j_opdenakker) February 3, 2020
Twitter’s & @jack’s stunning failure to protect users’ privacy is a matter of life & death for human rights advocates & journalists around the world. Twitter must urgently notify those compromised by these attacks—their safety & freedom could be at immediate risk. https://t.co/NVhPObRTEf
— Richard Blumenthal (@SenBlumenthal) February 4, 2020
Twitter admits to a bug that might have put privacy-conscious users at risk – by revealing what phone numbers are associated with which Twitter accounts. https://t.co/rom9dP4QQv via @InfoSecHotSpot pic.twitter.com/4UHL28AoLW
— Sean Harris (@InfoSecHotSpot) February 4, 2020
Twitter security hole allowed state-sponsored hackers to match phone numbers to usernames https://t.co/VHrAwkl7jg via gcluley
— BrianHonan (@BrianHonan) February 4, 2020
Given that Twitter has been compromising phone numbers - https://t.co/Wj6qNwTZk1 - Islamicat recommend enabling an authentication app for your account, rather than just text messaging (see pic) pic.twitter.com/8zM12IaIQR
— Islamicat (@_Islamicat) February 4, 2020
Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits https://t.co/mxtagwWxO1 #infosec pic.twitter.com/8frrW0u4gU
— #AI (@AI__TECH) February 4, 2020
Whoa! https://t.co/nV54ZkgVzx
— lackgestiefelter Kater (@lackkater) February 4, 2020
Twitter has suspended a large number of fake accounts that were exploiting an API vulnerability to match usernames to phone numbers. https://t.co/C6q2VjGb6L
— Eduard Kovacs (@EduardKovacs) February 4, 2020
Twitter has shut down “a large network of fake accounts” abusing a feature that let them match phone numbers to user accounts. Some of them appear to be associated with a state-sponsored campaign run out of Iran. https://t.co/Z00MScynld
— Caroline Orr (@RVAwonk) February 4, 2020
Twitter says state-backed actors may have accessed users' phone numbers
— Anthony DeRosa (@Anthony) February 4, 2020
Twitter said it had identified a “high volume of requests” to use the feature coming from IP addresses in Iran, Israel and Malaysia. https://t.co/8LyB34Yg6D
Twitter says ‘state-backed actors’ may have exploited a flaw in a feature of its Android app to access users’ phone numbers, adding it had identified a ‘high volume of requests’ coming from IP addresses in Iran, Israel and Malaysia https://t.co/Cusm3VQcG8 pic.twitter.com/n2do4BTfED
— Reuters Business (@ReutersBiz) February 4, 2020
Twitter says state-backed actors may have accessed users' phone numbers https://t.co/qKeyJxW6UB
— Reuters Iran (@ReutersIran) February 4, 2020
Surprise, surprise....?
— Rise Up (@sara8smiles) February 4, 2020
Twitter says state-backed actors may have accessed users' phone... https://t.co/THnuxNPcZn
Nation states may have accessed @Twitter
— Chris Kubecka Speaker @Disobey_fi ✈️ (@SecEvangelism) February 4, 2020
User phone numbers, yet no user notification from @Twitter
In direct violation of UK & EU GDPR data privacy regulations
cc: @ICOnews https://t.co/EOCi8W8DRe
Twitter Data Breach: Govt Accounts Tried To Access User Phone Numbers
— PrivacyDigest (@PrivacyDigest) February 4, 2020
In privacy blog update on Monday (Feb 3), Twitter said that it fixed a data breach that was using a large network of fake accounts to exploit its API & match usernames to phone numbers https://t.co/DElU1Az9eA
Twitter says state-actors may have gained access to people's phone numbers #Twitter #Hack https://t.co/G3nGVWnPVt pic.twitter.com/dLwF4o5REF
— Neowin (@NeowinFeed) February 4, 2020