Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform.
Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms. The experts discovered that the attack was launched from IP addresses that may be linked to nation-state actors.
The flaw affected a support form that could be used to contact Twitter in case of problems with an account. The flaw could have been exploited to obtain the country code of a user’s phone number and determine whether or not the account had been locked by Twitter.
An account could be locked if it violates rules or terms of service, or if the account was compromised. The social media platform fixed the flaw on November 15, in just 24 hours.
The experts noticed a suspicious activity related to the API associated with the flawed customer support form.
“During our investigation, we noticed some unusual activity involving the affected customer support form API.” reads a blog post published by Twitter.
“Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors. We continue to err on the side of full transparency in this area and have updated law enforcement on our findings.”
Twitter, like many other social media platforms, are a privileged target for state-sponsored hackers that could use them for online propaganda and spread fake news.
In November, the researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The expert was awarded $2,940 for reporting the bug to the company under the bug bounty program operated through the HackerOne platform.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.