Vulnerable only if enabled

The API issue Twitter reported involves finding specific accounts by their phone numbers or email addresses via a simple search. This is possible for those who have enabled the "Let people who have your phone number find you on Twitter" option in settings. Further, people who have their phone numbers associated with Twitter could be vulnerable too. This lets attackers match accounts to the phone numbers of several suspects, thus revealing their identities. But Twitter responded to this immediately and corrected it. It said,

As Twitter is a popular platform for serious people to raise their voices, rights activists and protestors create pseudonymous accounts to question authorities. In response, governments and other organizations try to find those dissidents, either by demanding that Twitter reveal them or by exploiting such vulnerable APIs. Suppression is all they want. Twitter was previously in the news over two of its ex-employees being accused of being linked to the Saudi Arabian government and snooping on political dissidents. Further, the popular messenger application WhatsApp was also recently exploited by such state-sponsored attackers to track activists.
