Twitter flags suspected state-sponsored attack after unusual activity from China and Saudi Arabia

Malicious actors exploited two bugs with the platform's support form to gather hidden information, including phone numbers

Twitter has confirmed its platform was hit by a suspected state-sponsored attack last month, with a host of malicious actors taking advantage of a bug to harvest users' phone numbers.

In a statement released yesterday, the social networking platform said it became aware of a host of bugs being exploited by IP addresses based in China and Saudi Arabia and noticed unusual activity involving an affected customer support form API.

Advertisement - Article continues below

Requests made from these IP addresses, which Twitter has highlighted as being associated with state-sponsored actors, targeted the support form which reports issues to Twitter staff.

Two bugs, flagged on November 15 and fixed the following day, allowed an attacker to access a user's phone number and country code, as well as establish whether or not their account had been locked by Twitter.

"Since we became aware of the issue, we have been investigating the origins and background in order to provide you with as much information as possible," the company said in a statement.

"Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.

"While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors."

Twitter said that no action was required by account holders and that the firm has informed law enforcement of the findings of its investigation.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The second bug, which allowed malicious actors to view whether a user's account had been locked, may seem relatively inane, but accessing a user's registered phone number constitutes a far more serious breach of privacy.

Throughout its history, the social networking platform has been ripe for exploitation by state-sponsored actors, as well as cyber criminals.

Researchers, for instance, outlined earlier this year how threat actors established a three-tier 'crypto-giveaway' botnet on the platform comprising millions of fake accounts.

The platform is also facing a General Data Protection Regulation (GDPR) probe over the handling of a user's subject access request (SAR), which Twitter had refused to comply with on the grounds it would take 'disproportionate effort'.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

What is cyber warfare?
Security

What is cyber warfare?

16 Mar 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020