Twitter says that an unspecified number of its users may have been targeted by state-sponsored hackers seeking to unmask their identity.
Attackers appear to have targeted a Twitter customer support API. A successful attack would have revealed the country code associated with a user’s phone number, if they had registered one with Twitter, as well as whether Twitter had locked their account, the social networking giant says in a blog post published on Monday.
“During our investigation, we noticed some unusual activity involving the affected customer support form API,” it says. “Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”
Twitter says it has shared its findings with law enforcement agencies. “Importantly, this issue did not expose full phone numbers or any other personal data,” Twitter says in its security alert. “We have directly informed the people we identified as being affected. We are providing this broader notice as it is possible that other account holders we cannot identify were potentially impacted. No action is required by account holders and we have resolved the issue.”