Twitter discovered a security issue last December that allowed mobile numbers to be associated with accounts in bulk, and that could have been used by some governments to collect information about users in a more than doubtful way.
In reality, the social network includes a function that lets users discover their contacts' Twitter accounts based on their phone numbers, provided they give it access to their address book and the users being looked up have provided their mobile number.
This function was being exploited on a large scale, very differently from how it was conceived. The security flaw was discovered by researcher Ibrahim Balic, who created a large number of fake profiles to generate an example.
Twitter found not only Balic's accounts associating mobile numbers with Twitter users, but also similar activity from Iran, Israel and Malaysia, which it believes could come from governments and security agencies.
The situation is worrisome. After the recently discovered WhatsApp security holes, which have even led to Saudi Arabia spying on the WhatsApp of the Amazon executive director, it is clear that computer security has become a key element for the defense of countries.
Twitter has cancelled all profiles suspected of abusing the system that links accounts and telephone numbers. It has not removed the option, but it has limited it so that it cannot be used in bulk, something it was not designed for.
It has confirmed that those who did not provide their mobile number, or who deactivated the option of being found on Twitter through it, have not been affected by the problem.
The fact is that this hack did not involve exploiting a hidden vulnerability in the systems; it simply took abusive advantage of a feature that Twitter offers, and that it had not limited properly.
At first, it does not seem very worrying that someone associates the mobile number and Twitter account, especially considering that it has been allowed by those affected.
Unfortunately, the case could have greater repercussions. If certain countries have created databases with millions of phone numbers, they will be another element for mass espionage, with a lot of potential.
The future use of such data is worrisome, as it is not uncommon for vulnerabilities to have consequences months after being corrected. In any case, this incident with Twitter shows the dangers of sharing data such as a phone number with third parties.
What do you think of the Twitter incident? Do you think it is dangerous for the privacy of Internet users?