Twitter is warning of a new hack attempt that might have happened under the direction of another nation.
A Monday blog post from the social media company says that Twitter discovered the possible state-sponsored attack on Nov. 15 and then fixed it the following day.
According to the blog post, Twitter says it noticed an unusually “large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.” It says the attack was conducted on Twitter’s customer support form API, where users can ask the social media company for help regarding their accounts.
While the company fears that either China or Saudi Arabia played a role in the hack, Twitter stressed that it’s not known for sure.
“While we cannot confirm intent or attribution for certain,” the blog post reads, “it is possible that some of these IP addresses may have ties to state-sponsored actors.”
And what information might be exposed by the exploitable flaw in the customer support form?
“This could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account,” the blog post reads, “as well as whether or not their account had been locked by Twitter.”
An account is locked if it is found to violate Twitter’s rules or terms of service, the company wrote on its website.
Don’t worry: Twitter wrote in the blog post that it has already reached out to the people who had their information compromised. Aside from a person’s country code, no other information or even a full phone number was revealed, Twitter assured its users.
And if you are affected, Twitter says, “no action is required.”
Those impacted can reach out to Damien Kieran, Twitter’s data protection officer, by filling out this form.
