Twitter’s support form leaked phone number country codes to IPs in China and Saudi Arabia
Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the account had been locked by Twitter. The concern is that malicious actors could have used the flaw to figure out which countries accounts were based in, which could have ramifications for whistleblowers or political dissidents.
The issue came through one of Twitter’s support forms for contacting the company, and the company found that a large number of inquiries through the form came from IP addresses located in China and Saudi Arabia. Twitter writes: “While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.” We’ve requested more information on why it’s suggesting that. Attribution in these situations can be murky, and naming specific countries or suggesting that state actors could be involved carries heavy implications.
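To make the two defensive lessons of this incident concrete, here is an added example (not Twitter’s code, and the form’s actual mechanics are not described in the article). It assumes a hypothetical support form that takes an account handle and returns JSON: the flawed shape echoes stored account attributes (phone country code, lock status) back to an unauthenticated caller, the hardened shape answers identically whether or not the account exists, and a small detector flags any source IP that looks up an unusually large number of distinct accounts, which is the bulk-lookup pattern the article describes. Directory entries, IPs and the threshold are constructed sample values.

```python
"""Added example, not Twitter's code. Illustrates an information-disclosure
pattern in a support-form lookup and a simple enumeration detector.

Assumptions (hypothetical): the form accepts an account handle, consults an
internal directory, and returns a JSON-style dict; one source IP querying
many distinct handles in a window is treated as an enumeration signal.
"""
from collections import defaultdict

# Constructed sample directory; the values are invented for the example.
ACCOUNTS = {
    "alice": {"phone_country_code": "+1", "locked": False},
    "bob":   {"phone_country_code": "+966", "locked": True},
    "carol": {"phone_country_code": "+86", "locked": False},
}


def lookup_leaky(handle):
    """Flawed shape: reflects stored attributes to whoever submits the form.
    An unauthenticated caller learns existence, country code and lock state."""
    rec = ACCOUNTS.get(handle)
    if rec is None:
        return {"found": False}
    return {"found": True, **rec}


def lookup_hardened(handle):
    """Hardened shape: the reply is the same for existing and non-existing
    accounts and carries no account attributes. Whatever the support agent
    needs stays server-side in the ticket (creation omitted here)."""
    return {"status": "received"}


class EnumerationDetector:
    """Tracks the number of distinct handles queried per source IP and flags
    sources that exceed a threshold. Window expiry is omitted to keep the
    example short; in production the per-IP sets would be time-bounded."""

    def __init__(self, threshold=20):
        self.threshold = threshold
        self.seen = defaultdict(set)

    def observe(self, ip, handle):
        """Record one lookup; return True once this IP crosses the threshold."""
        self.seen[ip].add(handle)
        return len(self.seen[ip]) > self.threshold

    def flagged(self):
        """Source IPs currently over the distinct-handle threshold, sorted."""
        return sorted(ip for ip, handles in self.seen.items()
                      if len(handles) > self.threshold)


if __name__ == "__main__":
    print(lookup_leaky("bob"))       # leaks +966 and locked=True
    print(lookup_hardened("bob"))    # {'status': 'received'}
    det = EnumerationDetector(threshold=3)
    for h in ["alice", "bob", "carol", "dave"]:
        det.observe("203.0.113.5", h)   # constructed documentation-range IP
    print(det.flagged())             # ['203.0.113.5']
```

The point of the hardened handler is that a support form only needs to acknowledge receipt; any attribute it reflects back becomes queryable by anyone who can submit the form, and the detector is what would have surfaced the clustered bulk inquiries the article mentions.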
Twitter began working on the issue on November 15th and fixed it on November 16th. Twitter tells TechCrunch that it has notified the European Union’s Data Protection Commissioner, as EU citizens may have been impacted. However, since country codes aren’t necessarily considered sensitive personal information, the leak may not trigger any GDPR enforcement or fines. Twitter tells us it has also updated the FTC and other regulatory organizations about the issue, though we’ve asked when it informed these different regulators.
Twitter has directly contacted users impacted by the issue, says full phone numbers were not leaked, and users don’t have to do anything in response. Users can contact Twitter here for more info. We’ve asked how many accounts were impacted, but Twitter told us that it doesn’t have more data to share as its investigation continues.
A Twitter spokesperson pointed us to a previous statement:
“It is clear that information operations and coordinated inauthentic behavior will not cease. These types of tactics have been around for far longer than Twitter has existed — they will adapt and change as the geopolitical terrain evolves worldwide and as new technologies emerge. For our part, we are committed to understanding how bad-faith actors use our services. We will continue to proactively combat nefarious attempts to undermine the integrity of Twitter, while partnering with civil society, government, our industry peers, and researchers to improve our collective understanding of coordinated attempts to interfere in the public conversation.”
We’ll have more details shortly.