SecurityWeek

Twitter Warns of Possible State-Sponsored Attack

While investigating an information disclosure flaw affecting one of its support forms, Twitter discovered a possible attack coming from IP addresses that may be linked to state-sponsored actors.

Last month, Twitter became aware of a bug related to a support form that allows users to contact Twitter if they have issues with their account. The vulnerability could have been exploited to obtain the country code of a user’s phone number – if they had one associated with their account – and learn whether or not the account had been locked by Twitter.

Twitter locks accounts if they violate its rules or terms of service, or if the account appears to have been compromised.

The social media giant pointed out that the flaw did not expose full phone numbers or other personal information. Twitter started addressing the issue on November 15 and a fix was implemented by the next day.

While investigating the security bug, the company noticed unusual activity involving the API associated with the impacted customer support form.

“Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia,” Twitter said. “While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors. We continue to err on the side of full transparency in this area and have updated law enforcement on our findings.”

Twitter has not provided any additional information or clarifications regarding this activity and it’s unclear if the individuals who targeted the API also exploited the information disclosure flaw.

The company did link to a previous blog post where it shared an update on its investigation into foreign interference in political conversations. At the time, it released full archives of tweets and media from accounts that may have been part of Russian and Iranian state-sponsored operations.

Several information disclosure issues have been identified in Twitter in the past months. In May, the company advised customers to change their passwords after a bug caused passwords to be stored in log files in clear text.

In September, it patched a bug that may have caused direct messages to be sent to third-party developers other than the ones users interacted with. The problem existed for well over a year and it impacted as many as 3 million users.

Last week, a researcher reported getting a bug bounty of nearly $3,000 from Twitter for a flaw that allowed some applications to obtain more permissions than they claimed.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
