The microblogging site has been hit by security incidents in the past as well. But with regard to the latest, Twitter assured its users that “no action is required”.
After Facebook, Quora, and most recently Google+, now it's Twitter's turn to be hit by an “unusual” data leak. The vulnerability was noticed on one of Twitter’s support forms – the same one that account holders access to contact the microblogging site regarding issues with their accounts.
The unusual activity surrounding the affected customer support form API was noticed on November 15, and by November 16 the bug was fixed, Twitter announced via a blog post shared on Monday. While no sensitive user information (like phone numbers) is said to have been exposed, the company confirmed that country codes of users’ phone numbers as well as “whether or not their account had been locked by Twitter” might have become accessible.
“Importantly, this issue did not expose full phone numbers or any other personal data. We have directly informed the people we identified as being affected. We are providing this broader notice as it is possible that other account holders we cannot identify were potentially impacted,” the company said in the post.
Upon discovering the breach, Twitter immediately launched an investigation, which brought a bigger concern to light.
“We noticed some unusual activity involving the affected customer support form API. Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia,” Twitter explained. Although the site couldn’t link the breach to any malicious intent at the moment, it did warn about a possible state-sponsored attack.
If malicious intent is indeed involved in this security breach, chances are that the situation could have implications for whistleblowers or political dissidents, TechCrunch suggested.
While this is not the first time that the microblogging site has been hit by a security incident, with regard to the latest incident, Twitter assured users that it has resolved the issue and that “no action is required by account holders”.
The site added: “If you have any questions or concerns, you can contact Twitter’s Data Protection Officer, Damien Kieran, by completing the online form located here.”