A recent bug with one of Twitter’s support forms has exposed user details such as phone number country code and whether accounts had been locked by Twitter. The company believes the flaw was likely used by state-sponsored actors to gain information about Twitter accounts.

Whoosh! Screen Cleaner

As spotted by TechCrunch, Twitter posted details about the bug today on its Help Center:

We have become aware of an issue related to one of our support forms, which is used by account holders to contact Twitter about issues with their account. We began working to resolve the issue on November 15 and it was fixed by November 16. This could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account, as well as whether or not their account had been locked by Twitter.

Twitter told TC that it reported the issue to the proper authorities including the FTC, the European Union’s Data Protection Commissioner, and affected users, but didn’t say how many accounts were impacted.

As for how Twitter discovered the bug and the source of the wave of “requests,” the company believes state-sponsored actors in China and Saudi Arabia may be involved.

During our investigation, we noticed some unusual activity involving the affected customer support form API. Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors. We continue to err on the side of full transparency in this area and have updated law enforcement on our findings.

Twitter ended the statement by letting users know they don’t need to take any further action and offered an apology. However, there is also a data protection form that concerned users can fill out.

If you have any questions or concerns, you can contact Twitter’s Data Protection Officer, Damien Kieran, by completing the online form located here. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. We are sorry this happened.


Check out 9to5Mac on YouTube for more Apple news:

About the Author