Popular social media giant Twitter published a blog post on Monday 17 December detailing how it has been hit with a minor data breach that it believes is linked to a state-sponsored attack.
Twitter had become aware of a vulnerability that affected one of its support forms. The bug, which was discovered in mid-November, has been exploited by actors in order to access and steal Twitter users’ information.
In the blog, Twitter stated:
“Since we became aware of the issue, we have been investigating the origins and background in order to provide you with as much information as possible. During our investigation, we noticed some unusual activity involving the affected customer support form API. Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”
Twitter has stated that they have notified affected users, and the blog is a broad message on the investigation in order to provide transparency to its users. They have declined to comment on further details of the minor data breach, and haven’t released figures for how many accounts have been affected. Law enforcement has been notified about the issue.
Twitter did make it clear that the information that was exposed was limited: full phone numbers or other personal data related to the user were not compromised.
Twitter has apologized for the minor data breach and told users that if they have any questions or concerns, they can contact Twitter’s Data Protection Officer, Damien Kieran, by completing an online form.
No further action is required by account holders on this issue, and users can continue to use the app as usual.