In his detailed overview of the issue, Balic noted that the contacts upload feature didn't work when he tried uploading a list of numbers in a sequential format - a probable failsafe built to prevent number matching.
However, when he generated 2 billion numbers one after the other and randomized them, the app took no time to match them with accounts.
Twitter said it is working to prevent similar exploits
A spokesperson for Twitter said they are working to prevent further exploits of the bug.
"Upon learning of this bug, we suspended the accounts used to inappropriately access people's personal information," the representative said. "Protecting the privacy and safety of the people... is our number one priority and we remain focused on rapidly stopping spam and abuse originating from use of Twitter's APIs."