Twitter says an attacker used its API to match usernames to phone numbers

Might be worth checking your own settings…:

[…] According to Twitter, the attackers exploited a legitimate API endpoint that allows new account holders to find people they know on Twitter. The API endpoint allows users to submit phone numbers and matches them to known Twitter accounts.

Twitter says the attacks did not impact all Twitter users, but only those who enabled an option in their settings section to allow phone number-based matching.

[…]

Original Article