
Doesn’t really have anything to do with the Android app. He was using an API endpoint that anyone could hit.

Step #1, turn two factor authentication on

Step #2, have your phone number leaked because of a dumb feature.




I think these days, Twitter will suspend your account immediately after sign-up, for "suspicious activity", and require a phone number to re-enable it.


At this point it has to be on purpose, right? There is no way that Twitter has just overlooked this closing of accounts "for suspicious activity" for years right when the account is created.


I made one a week or two ago, followed some people, made a few tweets, and wasn't asked for a phone number. I wasn't even asked for a CAPTCHA.

I deleted the account a few days later because Twitter is dull and the entire point of what I was trying to do was see if the rumors of immediate account flagging were true. They don't seem to be.


I made one a few months ago and it immediately did the "suspicious activity, provide phone number" b.s.

I've not tried again since, and considered Twitter 100% off-limits after that experience since it's obviously just an effort to acquire phone numbers coupled to accounts and email addresses under the guise of "security".


Thanks. I registered an account lately and wondered why this happened. Thanks for the clarification.


It could depend on which accounts you interact with.


When I had a Twitter account, I had to provide a fake number to continue using it, but I was active in different political discussions and that might be the reason. Twitter didn't explain why it required a phone number, except for saying it was necessary for security or something like this.

Also, Microsoft will require a phone number once you try to log into an Outlook email account from an IP address other than the one you signed up with. Again, it says the number is necessary to "secure an account from hackers" or something like this.


> Also, Microsoft will require a phone number once you try to log into an Outlook email account from an IP address other than the one you signed up with.

That's quite a good idea. They're effectively using your IP as a second authentication factor for those people who refuse to use two-factor. If, like many people, you have a static IP at home, and they whitelist IPs your sessions roam to, you may never need to log in from a new IP.


Was the account you created with your personal information? Because if you create a throwaway it will be flagged immediately, but if you use the image of a friend, for example, you can continue for a couple of hours before getting flagged.


It had no personal information whatsoever, and the profile picture was of static noise.


Of course it is. If pressed, they will surely find a justification for it in reducing spam and bots. Less defensible is why they would wait to get a phone number until after you make an account.

And of course, try not to compare it with the Chinese rules requiring phone number verification for online accounts...


The dumb feature is letting folks look up their friends by their phone number.



