
Social networking site Twitter announced today another data leak that occurred on its platform, which the company said it is investigating as a suspected state-sponsored attack.
In a support page published earlier today, Twitter said that it detected the attack on November 15 when it “observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.”
These requests targeted the company’s support form, which users had been using to report issues to Twitter’s staff.
Twitter said that attackers identified a bug in these forms that allowed them to discover an account’s phone number country code and whether the account had been locked.
The second issue isn’t such a big deal; the first bug, however, can allow an attacker to determine a user’s country of origin, mapping accounts to specific geographical zones.
“While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors,” Twitter said today.
After discovering the attacks and the support form bug, Twitter said engineers fixed the vulnerability by the next day, November 16.
The company said that since detecting the attack, it’s been working to investigate which accounts have been impacted. Twitter is now notifying the users who it believes have been impacted by the attacks.
“We are providing this broader notice as it is possible that other account holders we cannot identify were potentially impacted,” the company added.
The company didn’t provide any other useful information about the attacks or who might be impacted, but it did say it also notified law enforcement.
This is the second user data leak the company announced this year. In September, Twitter revealed that an API bug might have shared users’ private messages with some app developers.