In an official statement yesterday, Twitter said it had discovered attempts by state-funded actors to breach its database. The social media giant suspects the infiltration was aimed at accessing phone numbers linked to user accounts, after a security researcher blew the whistle on a flaw hidden in the “contacts upload” feature in December last year.
Disclosing the same on its blog, the world’s number one messaging platform said that its servers were receiving a high volume of repeated requests from IP addresses located in Iran, Israel and Malaysia, which indicates that they were being bombarded with fake traffic or fraudulent requests.
The company has not yet disclosed the exact number of phone numbers breached in the incident. However, a source from Twitter says the breach was traced to a flaw that has now been blocked with a patch.
A spokeswoman from Twitter said that state-funded actors from Iran are suspected to be behind the incident, although the company’s messaging services are banned in that region.
Note 1- On December 16th, 2019, a security researcher named Ibrahim Balic tweeted that he had managed to match around 17 million phone numbers with Twitter user accounts by exploiting a vulnerability in the contacts feature of the Android app. Balic insisted that the vulnerability allowed his team to identify the Twitter user accounts of noted politicians, Hollywood celebrities and football stars by matching their phone numbers.
Note 2- Twitter later told TechCrunch that it had identified the flaw and made custom changes to the feature so that it no longer discloses specific account names in response to requests.