Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform.
Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms. The experts discovered that the attack was launched from IP addresses that may be linked to nation-state actors.
The flaw affected a support form that could be used to contact Twitter in case of problems with an account. The flaw could have been exploited to obtain the country code of a user’s phone number and determine whether or not the account had been locked by Twitter.
An account could be locked if it violates rules or terms of service, or if the account was compromised. The social media platform fixed the flaw on November 15, in just 24 hours.