【War Archives】

For dissidents around the globe,War Archives Twitter remains the tool of choice for speaking out against their repressive governments.

With that in mind, it's easy to see why today's announcement from the social media company is so troubling. Twitter, in a Monday blog post and corresponding statement, announced it had discovered that "bad actors" with possible state-sponsored connections had found a way to tie phone numbers to Twitter accounts en masse.

In other words, a hacker using this exploit could potentially reveal the identity of a person tweeting under a pseudonym who has their account tied to a phone number. Or, alternatively, it's worth remembering that determining the phone number connected to an account is often a crucial step in hacking it.

---

You May Also Like

---

---

"On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers," reads the Twitter blog post. "While we identified accounts located in a wide range of countries engaging in these behaviors, we observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia."

With Saudi Arabia's documented real-world harassment of dissidents, for example, it's easy to see how such exploits could lead to real-world harm.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"It is possible that some of these IP addresses may have ties to state-sponsored actors," continued the blog post.

We've reached out to Twitter to determine how many users were affected and if the company planned to notify users whose phone numbers were tied to accounts in the manner described. We've received no immediate response at present.

Uncheck these. Credit: screenshot / twitter

Importantly, not everyone was vulnerable to this specific exploit. According to Twitter, the bad actors in question could only tie your account to a phone number ifyour account met two specific criteria.

SEE ALSO: Jeff Bezos tweets reminder that Saudi government murdered a journalist

First, you had to have added a phone number to your account. However, with many people doing that very thing to enable two-factor authentication, a lot of folks fall into that bucket. Secondly, and this should narrow things down a bit, you must have selected the "Let people who have your phone number find you on Twitter" option.

Now would be a good time to make sure you don'thave that setting enabled. It would also be a great time for Twitter to consider removing it altogether.

UPDATE: Feb. 3, 2020, 2:27 p.m. PST: A Twitter spokesperson responded to our request for comment with the following statement:

As explained in our Privacy Center blog, we recently became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. After our investigation, we immediately fixed the issue by making a number of changes to the specific API endpoint that was being exploited. We also suspended any account we believe to have been engaged in this behaviour. Protecting the privacy and safety of the people who use Twitter is a top priority and we remain focused on stopping any abuse of Twitter’s features as quickly as possible. 

Topics Cybersecurity Privacy X/Twitter

• Tech
• Deals
• Life
• Social Good
• Digital Culture
• Games
• Shopping
• Entertainment

• The cicadas aren't invading the U.S.
• Reading Isadora Duncan’s Pulpy Autobiography
• Wordle today: The answer and hints for November 12
• What is post
• I'm a college professor. My advice to young people who feel hooked on tech
• Fitbit Charge 6 deal: Save 38% at Amazon
• Interview with the Neanderthal
• NYT's The Mini crossword answers for November 11
• I'm a college professor. My advice to young people who feel hooked on tech
• Oxford's Word of the Year? 'Goblin mode.'

• The 6 biggest takeaways from Star Wars Celebration
• These engaging, hyper
• Gorillaz team up with Pandora for a TMI glimpse into the music that shaped their sound
• The first reactions to 'Guardians of the Galaxy Vol. 2' have hit social media
• Sorry, Facebook, but social VR will never be a thing
• This app wants you to forget StubHub and make fun choices last minute
• United Airlines will hate the results of this new poll
• United just made it a little harder for you to get bumped off a flight
• Rejoice! Oculus Rift owners can now experience the awesomeness of Google Earth VR
• The internet redeems itself by rallying around bullied deaf and blind 'Counter

• Best JBL deal: Save $80 on JBL Xtreme 4 portable speaker
• Staff Picks: Alec Wilkinson, Ali Smith, Long Ling, and More
• What is post
• Jaime Davidovich’s Pioneering Television Art
• 13 Good Games You Can Play on Laptops and Budget PCs
• When Mascots Go Mad
• Humane Ai Pin: 4 futuristic things it can do
• A Note from Our Editor
• NYT mini crossword answers for May 9, 2025
• Apple might launch an OLED iPad Pro and larger iPad Air in early 2024

• A worthless juicer and a Gipper-branded server
• Humanities Majors: the Silicon Valley Cult Wants to Eat Your Brain
• 'Quordle' today: See each 'Quordle' answer and hints for November 12, 2023
• Amazon iRobot deal: Save $200 on the iRobot Roomba i4
• Fyre Festival and Trump’s Language
• Apple might launch an OLED iPad Pro and larger iPad Air in early 2024
• NYT's The Mini crossword answers for November 11
• How John King’s String Quartet Fuses Western and Arabic Music
• This fat bear's before and after photos are stunning
• Where I Wasn’t When Manchester Bled