There is no malicious code involved this time
Twitter has to face another serious attack on its platform. TechCrunch reported that over 17 million of personal information has been exposed upon the uploads of contacts to the Twitter platform. Ibrahim Balic, a security researcher told the site he is able to match records in seven different countries. Some of the personal information was exposed such as high-profile users including an Israeli politician.
Balic discovered that when a user uploads a phone number, the app will “fetch user data in return.” This enables the contacts that are uploaded into the app to be matched with the accounts’ usernames. The researcher did not alert Twitter to the vulnerability instead, Balic took the matter in his own hands. He took numerous phone numbers, including politicians and officials, and directly warned the users in a WhatsApp group.
A bug after a security flaw
Twitter has experienced a previous security issue in its Android app due to an insertion of malicious code. The social media network then released a statement last December 20 saying that the code “could allow a bad actor to see nonpublic account information or to control your account.” This information is either via sending tweets or direct messages.
Facebook and Twitter also reported, in November, “hundreds of their users” had their data compromised through faulty Android apps. Emails, usernames, and recent tweets were vulnerable on Twitter. Previous hackings involved malicious codes, this time, no malicious codes were found.
The reported bug simply knows the user’s phone number and able to figure out their personal information from that data alone. This has become the latest serious hacking attack that plagued Twitter and other social networks.
How Twitter responded
The company is currently working to ensure that the bug can’t harm users again. “Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on rapidly stopping spam and abuse originating from the use of Twitter’s APIs,” says the representative of Twitter. The platform also suspended accounts used to inappropriately access people’s personal information.
As Twitter suffered from a few huge leaks in recent years, it encourages its users to frequently change their passwords after they log-in. This is to protect them from information phishing after being exposed to the platform.
Marketers, brands, and other SMBs use social platforms in promoting their products. Sometimes though, bugs compromise their data and hacks into their database changing their products and services. Despite the safety measures taken by the platforms, marketers and other brands need to take initiative in protecting their accounts.