While investigating an information disclosure flaw affecting one of its support forms, Twitter discovered a possible attack coming from IP addresses that may be linked to state-sponsored actors.
Last month, Twitter became aware of a bug related to a support form that allows users to contact Twitter if they have issues with their account. The vulnerability could have been exploited to obtain the country code of a user’s phone number – if they had one associated with their account – and learn whether or not the account had been locked by Twitter.
Twitter locks accounts if they violate its rules or terms of service, or if the account appears to have been compromised.