San Francisco: In yet another data breach on Twitter which has gone through a bad year on security, a researcher has claimed he matched 17 million phone numbers to user accounts including high-profile politicians and officials by exploiting a vulnerability in Twitter's Android app.
Security researcher Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter's contacts upload feature, reports TechCrunch.
"If you upload your phone number, it fetches user data in return," he was quoted as saying.
Most of the users were in countries like Israel, Turkey, Iran, Greece, Armenia, France and Germany.
In one case, TechCrunch was able to identify a senior Israeli politician using their matched phone number.
Over a two-month period, Balic began alerting users directly and when Twitter came to know, the micro-blogging platform blocked his efforts on December 20.
Balic had created a WhatsApp group to alert users.
He generated more than two billion phone numbers, one after the other, then randomized the numbers, and uploaded them to Twitter through the Android application