Twitter flags suspected state-sponsored attack after unusual activity from China and Saudi Arabia

Malicious actors exploited two bugs with the platform's support form to gather hidden information, including phone numbers

Twitter has confirmed its platform was hit by a suspected state-sponsored attack last month, with a host of malicious actors taking advantage of a bug to harvest users' phone numbers.

In a statement released yesterday, the social networking platform said it became aware of a host of bugs being exploited from IP addresses based in China and Saudi Arabia, and noticed unusual activity involving an affected customer support form API.

Requests made from these IP addresses, which Twitter has highlighted as being associated with state-sponsored actors, targeted the support form, which is used to report issues to Twitter staff.

Two bugs, flagged on November 15 and fixed the following day, allowed an attacker to access a user's phone number and country code, as well as establish whether or not their account had been locked by Twitter.

"Since we became aware of the issue, we have been investigating the origins and background in order to provide you with as much information as possible," the company said in a statement.

"Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.

"While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors."

Twitter said that no action was required by account holders and that the firm has informed law enforcement of the findings of its investigation.

The second bug, which allowed malicious actors to view whether a user's account had been locked, may seem relatively innocuous, but accessing a user's registered phone number constitutes a far more serious breach of privacy.

Throughout its history, the social networking platform has been ripe for exploitation by state-sponsored actors, as well as cyber criminals.

Researchers, for instance, outlined earlier this year how threat actors established a three-tier 'crypto-giveaway' botnet on the platform comprising millions of fake accounts.

The platform is also facing a General Data Protection Regulation (GDPR) probe over the handling of a user's subject access request (SAR), which Twitter had refused to comply with on the grounds it would take 'disproportionate effort'.
