Twitter Inc. (NYSE: TWTR) on Monday said that a vulnerability in its Android application might have been exploited by "state-backed actors" in Iran, Israel, and Malaysia.
The vulnerability made it possible for anyone to generate random phone numbers and match them to Twitter users by abusing a feature meant to let new users find people they know on the platform using their phone numbers.
It was discovered by security researcher Ibrahim Balic, who managed to match 17 million phone numbers to Twitter users, TechCrunch reported in December last year.
Twitter has now said that it concluded the investigation it launched into the matter after it "became aware" of the issue on December 24.
The social media company said that while the accounts exploiting the vulnerability were spread across the world, there was a "particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia."
"It is possible that some of these IP addresses may have ties to state-sponsored actors," it added.
Why It Matters
Twitter said that it had fixed the glitch so that no specific user names are returned in response to phone numbers being entered into the search box on its platform. It also said that it had suspended user accounts involved in such behavior.
There has been an increased focus on internet giants when it comes to protecting the privacy of users.
As TechCrunch noted, Twitter has often admitted to data privacy violations in the past, including using phone numbers that users provided for two-factor authentication on its platform to serve targeted ads.
The Jack Dorsey-led company has also admitted to sharing more data with third parties than needed.
Twitter's shares closed 1.82% higher at $33.07 on Monday. The shares traded slightly lower at $32.88 in the after-hours market.