February 03, 2020
An Incident Impacting Your Account Identity
On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it's important that you are aware of what happened, and how we fixed it.
During our investigation, we discovered additional accounts that we believe may have been exploiting this same API endpoint beyond its intended use case. While we identified accounts located in a wide array of countries engaging in these behaviors, we observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia. It is possible that some of these IP addresses may have ties to state-sponsored actors. We are disclosing this out of an abundance of caution and as a matter of principle.
When used as intended, this endpoint makes it easier for new account holders to find people they may already know on Twitter. The endpoint matches phone numbers to Twitter accounts for those people who have enabled the "Let people who have your phone number find you on Twitter" option and who have a phone number associated with their Twitter account. People who did not have this setting enabled or do not have a phone number associated with their account were not exposed by this vulnerability.
After our investigation, we immediately made a number of changes to this endpoint so that it could no longer return specific account names in response to queries. Additionally, we suspended any account we believe to have been exploiting this endpoint.
Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on stopping abuse of Twitter's API as quickly as possible. You can see more about our efforts to protect Twitter from platform manipulation and state-backed activity in the Twitter Transparency Report.
We're very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. You can reach out to our Office of Data Protection through this form if you have questions.