Security Experts:

Connect with us

Hi, what are you looking for?



Twitter Warns of Possible State-Sponsored Attack

While investigating an information disclosure flaw affecting one of its support forms, Twitter discovered a possible attack coming from IP addresses that may be linked to state-sponsored actors.

While investigating an information disclosure flaw affecting one of its support forms, Twitter discovered a possible attack coming from IP addresses that may be linked to state-sponsored actors.

Last month, Twitter became aware of a bug related to a support form that allows users to contact Twitter if they have issues with their account. The vulnerability could have been exploited to obtain the country code of a user’s phone number – if they had one associated with their account – and learn whether or not the account had been locked by Twitter.

Twitter possibly targeted by state-sponsored hackersTwitter locks accounts if they violate its rules or terms of service, or if the account appears to have been compromised.

The social media giant pointed out that the flaw did not expose full phone numbers or other personal information. Twitter started addressing the issue on November 15 and a fix was implemented by the next day.

While investigating the security bug, the company noticed unusual activity involving the API associated with the impacted customer support form.

“Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia,” Twitter said. “While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors. We continue to err on the side of full transparency in this area and have updated law enforcement on our findings.”

Twitter has not provided any additional information or clarifications regarding this activity and it’s unclear if the individuals who targeted the API also exploited the information disclosure flaw.

The company did link to a previous blog post where it shared an update on its investigation into foreign interference in political conversations. At the time, it released full archives of tweets and media from accounts that may have been part of Russian and Iranian state-sponsored operations.

Several information disclosure issues have been identified in Twitter in the past months. In May, the company advised customers to change their passwords after a bug caused passwords to be stored in log files in clear text.

In September, it patched a bug that may have caused direct messages to be sent to third-party developers other than the ones users interacted with. The problem existed for well over a year and it impacted as many as 3 million users.

Last week, a researcher reported getting a bug bounty of nearly $3,000 from Twitter for a flaw that allowed some applications to obtain more permissions than they claimed.

Related: Researchers Find Thousands of Twitter Amplification Bots in Just One Day

Related: Twitter Unveils New Processes for Fighting Spam, Bots

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.