One of the many popular social media platforms Twitter is once again in news for privacy and data breach news. Many such incidents have taken place over some months and in last year that has made safety on internet a bigger issue. A data breach was reported by Twitter in a privacy blog update this month that reported a data breach. This was the type of data breach that involved a large number of fake accounts on this platform collecting user data. A large network of fake accounts was involved in this that were exploiting API matching usernames and phone numbers.
This data breach was said to be discovered by Twitter last year in December and all the fake accounts were suspended soon enough. Twitter didn’t take long to suspend these fake accounts exploiting API as soon as the concern was raised. The company did its investigation thoroughly and more accounts were found to be using API to access further data. All the accounts were taken care of and Twitter also reported that a wide range of countries were reported as the location with the majority of accounts located from Israel, Iran, and Malaysia.
The endpoint API used by these accounts was used to match phone numbers to the user’s account and this was the data collected in this breach. Phone numbers were matched for people that have ‘Let people who have your phone number find you on Twitter’ enabled through the API endpoint. For the same reason, only those who enabled this feature were exposed to this data breach. Twitter users that didn’t have this option enabled were safe from any kind of vulnerability during this data breach. Now the company has made required changes to the endpoint to ensure nothing similar can happen on the platform.