Twitter has revealed that a flaw in the company’s “contacts upload” feature has been discovered, with attempts having made by several state actors to allegedly access the phone numbers of users. A “high volume of requests” to use the feature was detected from IP addresses from Iran, Israel, and Malaysia.
“We observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia. It is possible that some of these IP addresses may have ties to state-sponsored actors. We are disclosing this out of an abundance of caution and as a matter of principle.”
According to a Reuters report, Twitter suspects that a government connection here, with the “attackers” in Iran having unrestricted access to the platform despite it being banned int he country. All of the connected accounts have been suspended in the meantime, and Twitter says that they have “fixed” the issue.
According to Techcrunch, a security researcher said he matched 17 million phone numbers to Twitter accounts after exposing a vulnerability in the company’s Android app. In a nutshell, the issue stems from the contact upload feature. He explained that if you upload entire lists of random phone numbers, Twitter fetches user data in return, enabling you to match these numbers to their users.
Not everyone is affected, it appears. Twitter explained in a blog post that only users with the “Let people who have your phone number find you on Twitter” option with an associated phone number are susceptible, although the loophole has been fixed.
“We’re very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
There doesn’t appear to be any concrete news on who these “state actors” are, however. And it seems that Twitter doesn’t really know who exactly the perpetrators are—or they’re not pursuing it, I don’t know. State actors, by their very definition, are supposed to be parties acting on behalf of governments, which certainly is a scary thought.
And this isn’t the first time that Twitter and its users’ info has allegedly been misused for political agendas. Last year, 88,000 accounts from Saudi Arabia were suspended by the company for “manipulating” the platform as part of a state-backed information campaign. And Google has also revealed data privacy concerns of its own—some users reportedly had their private videos sent to total strangers while backing up their images on Google Photos.
Besides the Honor Win, Honor will soon introduce an affordable smartphone that boasts extra long…
Besides the tax holiday for fully imported (CBU) EVs, the road tax waiver for EVs…
In the final days of 2025, Honor has announced the Win and Win RT (yes,…
[ UPDATE 23:54 28 December 2025 ] MCMC has updated that Unifi Mobile was affected…
In the final days of 2025, TNB Electron isn’t slowing down with its EV charging…
Preliminary findings from the Fire and Rescue Department of Malaysia (BOMBA) revealed that the two…
This website uses cookies.