"Twitter API Abused to Uncover User Identities"

Researchers have discovered that bad actors with potential ties to state-sponsored groups, were abusing a legitimate function on Twitter's platform to unmask the identity of users. On December 24, 2019, Twitter discovered an extensive network of fake accounts abusing the legitimate API (application programming interface) function on its platform.  When this function is used as intended, it allows accounts to find Twitter users that they may already know by matching phone numbers to their Twitter account names. The bad actors were using this feature to uncover the true identity of Twitter users.  Twitter found that many of the requests to use this function came from individual IP addresses located within Iran, Israel, and Malaysia, which is unusual.

Threatpost reports: "Twitter API Abused to Uncover User Identities"