Application security, Vulnerability Management

Twitter: possible state-sponsored actors behind suspicious form activity

Twitter managed to have a worse day than the overall stock market yesterday: the DOW plummeted 500 points, while Twitter's shares fell seven percent on fears of a support form being targeted by state-sponsored hackers.

The social media giant posted a note on its help center page on Dec. 17, stating it had become aware of strange activity involving one of its account help form APIs back on Nov. 15. The issue, which was fixed by Twitter the next day, could be used by unauthorized individuals to view the country code of any phone number associated with a Twitter account, along with information on whether or not the account was locked.

“Importantly, this issue did not expose full phone numbers or any other personal data. We have directly informed the people we identified as being affected. We are providing this broader notice as it is possible that other account holders we cannot identify were potentially impacted,” Twitter said.

The investigation also uncovered that a great deal of traffic coming to the support form API originated from individual IP addresses located in Saudi Arabia and China. Twitter specified it cannot fully attribute the traffic or its intent, but said “it is possible that some of these IP addresses may have ties to state-sponsored actors.”

Twitter account holders do not have to take any additional measures to secure their accounts.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds