【1992 Archives】

For dissidents around the globe992 Archives Twitter remains the tool of choice for speaking out against their repressive governments.

With that in mind, it's easy to see why today's announcement from the social media company is so troubling. Twitter, in a Monday blog post and corresponding statement, announced it had discovered that "bad actors" with possible state-sponsored connections had found a way to tie phone numbers to Twitter accounts en masse.

In other words, a hacker using this exploit could potentially reveal the identity of a person tweeting under a pseudonym who has their account tied to a phone number. Or, alternatively, it's worth remembering that determining the phone number connected to an account is often a crucial step in hacking it.

---

You May Also Like

---

---

"On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers," reads the Twitter blog post. "While we identified accounts located in a wide range of countries engaging in these behaviors, we observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia."

With Saudi Arabia's documented real-world harassment of dissidents, for example, it's easy to see how such exploits could lead to real-world harm.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"It is possible that some of these IP addresses may have ties to state-sponsored actors," continued the blog post.

We've reached out to Twitter to determine how many users were affected and if the company planned to notify users whose phone numbers were tied to accounts in the manner described. We've received no immediate response at present.

Uncheck these. Credit: screenshot / twitter

Importantly, not everyone was vulnerable to this specific exploit. According to Twitter, the bad actors in question could only tie your account to a phone number ifyour account met two specific criteria.

SEE ALSO: Jeff Bezos tweets reminder that Saudi government murdered a journalist

First, you had to have added a phone number to your account. However, with many people doing that very thing to enable two-factor authentication, a lot of folks fall into that bucket. Secondly, and this should narrow things down a bit, you must have selected the "Let people who have your phone number find you on Twitter" option.

Now would be a good time to make sure you don'thave that setting enabled. It would also be a great time for Twitter to consider removing it altogether.

UPDATE: Feb. 3, 2020, 2:27 p.m. PST: A Twitter spokesperson responded to our request for comment with the following statement:

As explained in our Privacy Center blog, we recently became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. After our investigation, we immediately fixed the issue by making a number of changes to the specific API endpoint that was being exploited. We also suspended any account we believe to have been engaged in this behaviour. Protecting the privacy and safety of the people who use Twitter is a top priority and we remain focused on stopping any abuse of Twitter’s features as quickly as possible. 

Topics Cybersecurity Privacy X/Twitter

• Science
• Deals
• Shopping
• Digital Culture
• Life
• Games
• Tech
• Social Good

• Tesla used car prices are cratering
• How to create a FaceTime link for your Android and PC friends
• Google Meet declares war on that sunny window behind you that's making you underexposed
• Russian curler faces allegations of doping in Winter Olympics
• Nintendo Switch 2 preorder just days away, per leak
• Jamaican beer company swoops in to save its country's Olympic bobsled team
• 'Foundation' review: Apple TV+ chases prestige TV again. It's great.
• It shouldn’t be teen girls’ job to mitigate harm on Instagram
• #rateaspecies is basically Yelp reviews for zoo animals
• The pandemic disrupted sex ed when students needed it most

• The Hollywood Darling Who Tanked His Career to Combat Anti
• What it really means to 'give yourself grace'
• Actors are concerned about AI terms in new SAG
• The Insomniac’s Dream Diary
• NYT's The Mini crossword answers for November 20
• The Rhyming Photographs of Rebecca Norris Webb and Alex Webb by The Paris Review
• The Alchemy of November
• TikTok ban across college campuses: Here are the universities restricting access to the app
• Breastfeeding videos can now be monetized on YouTube — here's why
• Apple pauses ads on X / Twitter after Elon Musk endorses antisemitic conspiracy

• Puerto Rico hurricane crisis: Here's why this could be Trump's Katrina
• Bored in the parking lot? Android Auto just added games.
• How to add Apple Music to your Memories in iOS 15
• How to create Tab Groups in Safari with iOS 15
• Gmail search just got a lot smarter, thanks to AI
• #WakandaTheVote activists are registering voters at 'Black Panther'
• The pandemic disrupted sex ed when students needed it most
• How to set up and use the Focus feature in iOS 15
• Climate change turns large green sea turtle population female
• George and Amal Clooney just made a huge donation to Florida school shooting survivors

• Best Sony headphones deal: Over $100 off Sony XM5 headphones
• How to set up Notification Summary in iOS 15
• How to set up and use the Focus feature in iOS 15
• Sally Field, with zero chill, tries to set her son up with Adam Rippon
• NYT mini crossword answers for May 9, 2025
• Apple's silence on AirPods is doing wonders for wireless earbud rivals
• Check out Bell's flying taxi concept before its Smithsonian debut
• Donald Trump asks Mar
• NYT Connections hints and answers for April 26: Tips to solve 'Connections' #685.
• Google Meet declares war on that sunny window behind you that's making you underexposed