Story image

Twitter suspects state-sponsored ties to support forum breach

19 Dec 18

One of Twitter’s support forums was hit by a data breach that may have ties to a state-sponsored attack, however users' personal data was exposed.

The support forum is dedicated to account holders who are having issues with their account and need to contact Twitter.

Twitter began working on a fix for the breach on November 15 and was promptly fixed by November 16. The breach allowed the attackers to discover the country code of Twitter users’ phone numbers - if a number was associated with their account.  

Attackers could also find out if users’ accounts had been locked by Twitter. Twitter does this when an account appears to violate the company’s rules or terms of service.

“Importantly, this issue did not expose full phone numbers or any other personal data. We have directly informed the people we identified as being affected. We are providing this broader notice as it is possible that other account holders we cannot identify were potentially impacted,” Twitter states.

The company also says it has been investigating where the attack came from and its background so users are well informed.

“During our investigation, we noticed some unusual activity involving the affected customer support form API. Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”

The company says it remains committed to full transparency and it has notified law enforcement about its research. Its biannual Twitter Transparency Report published trends in a number of areas, including platform manipulation, information requests, email privacy, and removal requests.

“No action is required by account holders and we have resolved the issue,” Twitter writes.

The company has also set up a data protection inquiry form for users who have questions or concerns. The form provides a secure form for users to contact Twitter’s data protection officer, Damien Kieran. 

This is not the first time Twitter has been caught up in a data breach – although most of them were its own fault.

In May 2018, a bug exposed Twitter users’ passwords that were stored in plain text in an internal log. The company encouraged all Twitter users to change their passwords.

“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” CTO Parag Agrawal wrote in May. 

Just four months later, Twitter’s Account Activity API allowed third party developers to accidentally expose user activity data including direct messages and protected tweets. The bug affected less than 1% of Twitter users, however it remained at large for more than a year from May 2017 to September 2018.

Twitter apologises for the latest breach.

“We recognise and appreciate the trust you place in us, and are committed to earning that trust every day. We are sorry this happened.”

IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.
Report on SingHealth breach condemns poor security practices
The 2018 Singapore SingHealth data breach was poorly managed and riddled with vulnerabilities from the start.
Tesla wants people to hack its Model 3
Tesla is offering white hat hackers what could be the chance of a lifetime – the opportunity to hack one of its Model 3 vehicles.
How to tackle cyber threats in your home
How should you start securing your devices? The company has provided tips for actions you can take across social media, home routers, TVs, and many more.
Endace joins IBM Security app exchange community
EndaceProbe Network Analytics Platform captures, indexes, and stores network traffic while hosting a variety of network security and performance monitoring applications.
Datto names new CEO as founder steps back
Austin McChord continues as a board member as the former president and COO takes over as CEO.