According to a TechCrunch report, the researcher, Ibrahim Balic, created randomized lists of phone numbers and sent them to Twitter.
“If you upload your telephone number , it fetches user data reciprocally ,” he said.
The user data allowed Balic to seek out phone numbers for several major Twitter “celebrities” including the private number of a “senior Israeli politician.”
“Upon learning of this bug, we suspended the accounts wont to inappropriately access people’s personal information. Protecting the privacy and safety of the people that use Twitter is our favorite priority and that we remain focused on rapidly stopping spam and abuse originating from use of Twitter’s APIs,” a Twitter spokesperson said.
The bug exposed user accounts when Balic uploaded many phone numbers and asked Twitter to match them with users. Typically this interface is employed only new users install the app on their phone but, employing a set of API calls, Balic was ready to spoof this behavior. The resulting breach of privacy – essentially connecting real numbers to real Twitter handles – could reduce the efficacy of two-factor authentication schemes popular on financial applications and wallets.