
Are you making this big security mistake on Twitter?

There’s never been a better time to stay connected with people than right now. Many of the friends you had back in school most likely went their own way after graduation. In the past, you’d probably never hear from them again.

But now, you can find your eighth-grade bestie with a simple social media search. The problem is most social media sites have huge problems protecting your privacy. Tap or click here to see how Facebook recently shared your private data with developers.

You’d think stories like that would make people run away from social media forever. Spoiler alert: they don’t. If you choose to keep using social media, you need to make sure your privacy settings are on lockdown or you’re putting yourself at risk.

Fake Twitter accounts exploiting the system

Twitter posted a warning on its Privacy Center page this week to alert people to a potential privacy risk. The warning said that on Dec. 24, 2019, Twitter discovered someone was using a large network of fake accounts to exploit its application programming interface (API) to match usernames to phone numbers.

This impacts your account identity. Hackers could create a program that searches for random phone numbers and, once it finds a match, Twitter’s API would let them know who owns the account and potentially give them more personally identifiable information (PII).

With the right information, criminals can cause all kinds of havoc in your life, including identity theft. Now, that would take more effort than just matching your phone number to your Twitter account, but it serves as a good foothold.


So, who is behind this?

Twitter investigated what was going on and discovered even more accounts exploiting its API than originally thought. It’s believed some of these accounts had ties to state-sponsored actors. The following is a section from the Twitter warning describing this discovery:

“During our investigation, we discovered additional accounts that we believe may have been exploiting this same API endpoint beyond its intended use case.”

Twitter

“While we identified accounts located in a wide range of countries engaging in these behaviors, we observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia … We are disclosing this out of an abundance of caution and as a matter of principle.”

If you want to read the full statement, tap or click here.
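
The pattern in Twitter's statement (many accounts behind individual IP addresses feeding phone numbers to a lookup endpoint) is something an API operator can look for in its own logs. The sketch below is an added example, not Twitter's code: the log record format, the thresholds and the sample records are all constructed for illustration.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed records (not real traffic): (source_ip, account, number)."""
    log = [("198.51.100.7", "alice", f"+1202555{n:04d}")
           for n in (108, 111, 142, 173, 190)]        # small address book
    log += [("198.51.100.9", "bob", f"+1202555{n:04d}")
            for n in range(100, 200, 2)]              # large address book
    log += [("203.0.113.20", f"bot{n // 25}", f"+1202555{100 + n:04d}")
            for n in range(100)]                      # 4 accounts, one number block
    return log

def summarize(records):
    """Group lookups by source IP: which accounts, which distinct numbers."""
    by_ip = defaultdict(lambda: {"accounts": set(), "numbers": set()})
    for ip, account, number in records:
        by_ip[ip]["accounts"].add(account)
        by_ip[ip]["numbers"].add(int(number.lstrip("+")))
    return by_ip

def sequential_fraction(numbers):
    """Share of looked-up numbers whose immediate successor was also looked up.

    Real address books are scattered; generated number ranges are not.
    """
    if len(numbers) < 2:
        return 0.0
    return sum(1 for n in numbers if n + 1 in numbers) / (len(numbers) - 1)

def flag_enumeration(records, min_numbers=50, min_accounts=3, min_seq=0.5):
    """Flag IPs with high lookup volume plus a second signal.

    Thresholds are assumed values for this example. Volume alone is not
    enough: a large legitimate address book also produces many lookups.
    """
    flagged = {}
    for ip, s in summarize(records).items():
        seq = sequential_fraction(s["numbers"])
        many_accounts = len(s["accounts"]) >= min_accounts
        if len(s["numbers"]) >= min_numbers and (many_accounts or seq >= min_seq):
            flagged[ip] = {"accounts": len(s["accounts"]),
                           "numbers": len(s["numbers"]),
                           "sequential": seq}
    return flagged

if __name__ == "__main__":
    for ip, info in flag_enumeration(build_sample_log()).items():
        print(ip, info)
```

In the constructed data only 203.0.113.20 is flagged; the 50-number address book on 198.51.100.9 passes because it comes from one account and its numbers are not consecutive.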

Make this simple change to protect your privacy

Twitter said that after making this discovery, it made some changes that should help protect your privacy.

For one, it made a number of changes to its API endpoint so it could no longer return specific account names in response to queries. Also, Twitter suspended any account that is believed to have been exploiting this endpoint.

That’s a nice start, but you really should take matters into your own hands. Here are a couple of suggestions that will help protect your privacy:

The first thing you might want to do is remove your phone number from Twitter. You may have included it when you set up your Twitter account, not realizing situations like this could happen.

If your account gets locked, you need a linked phone number to unlock it. But you don’t have to give Twitter your personal phone number for this. Instead, you can set up a “burner” number from Google Voice that you use for social media accounts. Tap or click here to find out how to set one up.

If you just want to remove your number, no worries, it’s a very simple process.

First, open the Twitter app, tap or click on your profile picture in the upper left corner and a menu will open. Select Settings and privacy >> Account >> Phone and a new menu will open. Select Delete number and then Yes, delete on the confirmation screen.

That’s it, now your phone number has been removed from your Twitter account.

If you don’t want to completely remove your phone number from Twitter, there is a setting you can change that will stop people, or hackers, from being able to find you by phone number. Here’s how:

Open the Twitter app and tap or click on your profile picture in the upper left corner and a menu will open. Select Settings and privacy >> Privacy and safety >> Discoverability and contacts. From the next page, slide the toggle to the left next to Let others find you by your phone. This turns the feature off.

That’s it, now your Twitter account should be protected from accounts trying to exploit this feature. Oh, and Twitter wants you to know it’s very sorry this happened. Gee, thanks!
