Twitter Addresses Account Identity Incident: Issues A Fix

Twitter acknowledges that there was a problem with their API system that enabled attackers to match phone numbers with their Twitter accounts. The micro-blogging platform became aware of the glitch on December 24, 2019 and immediately suspended the malicious accounts. The investigation team at Twitter also noted that the majority of the requests to the affected API were coming from IP addresses within Israel, Iran, and Malaysia.

Twitter also noted that the API endpoint that was affected in this attack was normally the ones that gave permission to new accounts to find their friends on the social media network. It also included those that enabled the ‘Let people who have your phone number find you on Twitter’ in their Settings.
In simple words, those that did not give permission to Twitter to use their phone number were not exploited by the attack.