Twitter accidentally reveals country codes, suspects state-sponsored attack

Twitter has said that it accidentally revealed country code of its users’ phone numbers due to an issue with its support forms. In addition, Twitter in its blog mentioned that the issue may have also disclosed whether a user’s account was locked by Twitter or not.

Twitter made it clear that the data leak did not expose full numbers or any other personal data. The social media giant is currently in the process of contacting the users who may have been directly affected. The issue was discovered on November 15 and subsequently resolved the very next day.

But upon further investigation, Twitter came upon the possibility that state-sponsored actors could have been involved. Twitter saw that there was an unusual amount of activity in the customer form API that was affected by the issue. They saw that there were a high number of inquiries that were coming from IP addresses that belonged to China and Saudi Arabia. Although uncertain, Twitter did not rule out the possibility that some of these IP addresses belonged to state-sponsored actors.

Twitter said that users could reach out to Twitter’s Data Protection Officer, Damien Kieran, by completing an online form on the Twitter support page if they have any questions on this cybersecurity issue.