Twitter alerts users about 'unusual' leak, suspects state-sponsored attack
What's the story
After Facebook and Google+, popular microblogging platform Twitter has also disclosed an 'unusual' bug. The vulnerability affected one of the support forms of the site and exposed country codes of phone numbers linked with certain accounts. It was fixed within a day of discovery in November, but so far, Twitter has not revealed how many users have been affected. Here's more on the leak.
Issue
How the bug leaked information?
Twitter has not given detailed insights, but initial investigation suggests the bug was exploited due to 'unusual activity' around the support form in question. Support forms help Twitter account users take their concerns/account issues to the company. However, in this case, just one form witnessed "a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia," triggering the bug.
Twitter's assurance
No personal information was leaked, Twitter claims
In a statement, Twitter apologized for the leak and assured that no piece of personal information was exposed by the bug. Only information that was compromised is - country codes and whether or not that account was locked by Twitter. Though this information isn't as sensitive as those leaked by Facebook/Google, it could still be used to determine where the affected accounts are based.
Twitter's suspicion
State-sponsored attack suspected
Twitter has alerted affected users but has not provided the details of the actual scale. "No action is required by you," the company stated while suggesting that the issue might have been the result of a state-sponsored attack. "While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors".
Do you know?
Still, many questions remain unanswered
Apart from the total number of affected users, a number of questions remain unanswered, including why Twitter took a month to disclose the leak. Also, it remains unknown why the company thinks this could be a state-sponsored attack.