This article is from the source 'rtcom' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.rt.com/news/480041-twitter-bug-iran-israel/

Twitter cites 'Iran & Israel state actors' after suspending researcher who exposed new user-data flaw
Twitter, in a post so reassuring it's alarming, says it stopped possible state-backed actors in Iran and Israel from exploiting its features. But the only clear 'actor' may be a lone researcher who reported the bug six weeks ago.
"Iran, Israel and Malaysia suspected of exploiting Twitter phone number security flaw," read a headline on Sky News. "Twitter: Israel, Iran may have accessed users' phone numbers," warned the Jerusalem Post.
So what did those bad privacy-violating ayatollahs in Tehran and intrepid privacy-defying IDF hackers do this time? They exploited Twitter's "contact upload" feature to match handles with phone numbers.
"We observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia," the tech giant said in a blog post. "It is possible that some of these IP addresses may have ties to state-sponsored actors."
Those are strong, click-worthy headlines, but what about evidence that the respective governments were actually involved, beyond "possible" and "may have"? Eh.
Twitter also cautiously avoided mentioning the number of user accounts exploited through this bug, but provided assurance that everyone is now safe after the software changes it made. The bad guys, whoever they may be, have been punished with suspension.
Well, we don't really know who the bad guys were, but the only identifiable 'actor' punished for the data leak is Ibrahim Balic, a Turkish cybersecurity researcher based in London, who reported that he had managed to match 17 million phone numbers to Twitter accounts thanks to a flaw in its Android app.
"Over a two-month period, Balic said he matched records from users in Israel, Turkey, Iran, Greece, Armenia, France and Germany… but stopped after Twitter blocked the effort on December 20," TechCrunch said in a report about his endeavor.
Balic had no malicious intent. While he didn't alert Twitter to the gap in user privacy, he did make an effort to warn "high-profile" users directly. Incidentally, the report was published on December 24, 2019 – the same day when Twitter said it discovered the vulnerability.
Balic's personal Twitter handle, it's worth mentioning, remains suspended.
Maybe there is no connection and Twitter, a noble crusader for privacy and an opponent of oppressive regimes worldwide, has done a good job protecting user data from snooping. Or maybe it simply prefers headlines mentioning state-backed actors from Iran to those saying something along the lines of "tech giant again screws over users who voluntarily provided their personal information for sake of convenience." Who knows?