Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform.
Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms. The experts discovered that the attack was launched from IP addresses that may be linked to nation-state actors.
The flaw affected a support form that could be used to contact Twitter in case of problems with an account. The flaw could have been exploited to obtain the country code of a user’s phone number and determine whether or not the account had been locked by Twitter.
An account could be locked if it violates rules or terms of service, or if the account was compromised. The social media platform fixed the flaw on November 15, in just 24 hours.
The experts noticed a suspicious activity related to the API associated with the flawed customer support form.
“During our investigation, we noticed some unusual activity involving the affected customer support form API.” reads a blog post published by Twitter.
“Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors. We continue to err on the side of full transparency in this area and have updated law enforcement on our findings.”
Twitter, like many other social media platforms, are a privileged target for state-sponsored hackers that could use them for online propaganda and spread fake news.
In November, the researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The expert was awarded $2,940 for reporting the bug to the company under the bug bounty program operated through the HackerOne platform.