Twitter API Abused to Uncover User Identities

Twitter said that malicious actors, with potential ties to state-sponsored groups, were abusing a legitimate function on its platform to unmask the identity of users.

The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API (application programming interface) function on its platform that, when used as intended, allows accounts to find Twitter users that they may already know by matching phone numbers to their Twitter account names.

The bad actors were using this legitimate feature to unmask Twitter users, raising concerns that they could have obtained the true identities of human rights activists or dissidents who use pseudonyms on Twitter.

Source: ThreatPost