top of page

witter says an attacker used its API to match usernames to phone numbers

Updated: May 1, 2023

Twitter discloses security incident involving the abuse of one of its official API features.

"In a statement published today, Twitter disclosed a security incident during which third-parties exploited the company's official API (Application Programming Interface) to match phone numbers with Twitter usernames.

In an email seeking clarifications about the incident, Twitter told ZDNet that they became aware of exploitation attempts against this API feature on December 24, 2019, following a report from tech news site TechCrunch. The report detailed the efforts of a security researcher who abused a Twitter API feature to match 17 million phone numbers to public usernames."

Recent Posts

See All


bottom of page