- Twitter revealed a possible state-sponsored attack while investigating a flaw affecting one of its forms.
- Twitter discovered a flaw in one of their support forms used by users to contact Twitter about issues related to their account.
- While investigating, experts discovered unusual activity in the affected customer support form.
- They spotted a large number of enquiries from individual IP addresses located in China and Saudi Arabia.
On Monday, Twitter revealed that it had discovered evidence of a possible state-sponsored attack while investigating an issue affecting one of its forms.
In November, Twitter discovered a flaw in one of its support forms, which users use to contact Twitter about issues related to their account.
The flaw could be exploited by attackers to discover the country code of a user’s phone number and to check whether the account had been locked by Twitter.
Twitter discovered the flaw on November 15 and fixed it within 24 hours.
While investigating the issue, the company discovered unusual activity in the affected customer support form API. It observed a large number of enquiries from individual IP addresses located in China and Saudi Arabia.
“While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors. We continue to err on the side of full transparency in this area and have updated law enforcement on our findings,” Twitter said in its blog post.
Twitter confirms that the issue did not expose customers’ full phone numbers or any other personal data.
Twitter said it has notified law enforcement authorities about the incident and has also started to directly notify customers who were impacted by the issue.
Last week, Twitter revealed a flaw which could have exposed direct messages to third-party apps. The flaw was discovered by security researcher Terence Eden.