Twitter has disclosed a security incident involving the abuse of one of its official API features. The company admitted that a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of users en masse, which could lead to their de-anonymization. The exploitable API has already been abused by systems in Iran, Israel and Malaysia.

Ilia Kolochenko, Founder and CEO, ImmuniWeb
February 05, 2020
Security weaknesses affecting APIs are rapidly becoming one of the most critical aspects of modern application security. Their complexity and obscurity hinder security testing with traditional tools and automated scanners, and many dangerous security flaws remain undetected. Often they are riddled with a full spectrum of OWASP API Security Top 10 issues, some of which are intricately intertwined ....
