Back in December, security researcher Ibrahim Balic revealed a vulnerability in Twitter’s Android app that allowed him to match millions of public usernames with their phone numbers.
Balic didn’t report this to Twitter, but the company conducted its own investigation not long after the report was published. Today, it officially acknowledged the issue and revealed that several attackers had been abusing API functionality to gain access to users’ personal information.