Twitter says an attacker used its API to match usernames to phone numbers

The attack took place on Christmas Eve and came from IP addresses from Iran, Israel, and Malaysia.

You can read the full article here.