Twitter has warned of “unusual activity” from state-sponsored actors based in China and Saudi Arabia after the company found a bug that could have revealed the country code of users’ phone numbers or whether their account was locked.
The revelation led the micro-blogging giant to drop nearly over 7 per cent of its users’ accounts on Monday. In a statement, Twitter said it discovered the bug on November 15 and fixed it a day later.
“During our investigation, we noticed some unusual activity involving the affected customer support form API. Explicitly, we observed a large number of inquiries that are coming from individual IP addresses which are located in China and Saudi Arabia,” said the micro-blogging platform, which is used by at least 336 million users, on one of its support forms.
“While we can’t confirm the purpose or attribution for certain, it is possible that some of these IP addresses might have ties to state-sponsored actors,” Twitter said.
The bug, said the company, could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account, as well as whether or not their account had been locked by Twitter.
Twitter went ahead to lock accounts if they appeared to be compromised or in violation of its rules or Terms of Service.
“Significantly, this issue did not expose full phone numbers or any other personal data.”
“We have directly informed the people we identified as being affected, and we are providing this wider notice as it’s possible that other account holders we can’t identify were potentially impacted,” Twitter said, adding that it is “sorry it happened”.
A Twitter spokesperson told TechCrunch: “For our part, we’re committed to understanding how bad-faith actors use our services. We will continue to fight bad attempts to undermine the integrity of Twitter proactively.”