Twitter tumbles amid hacking concerns after it reveals ‘unusual traffic’ from China and Saudi Arabia
- Found large amount of traffic to customer customer support site
- Were coming from individual IP addresses in China and Saudi Arabia
Twitter shares fell almost 7 percent after the company said it was investigating unusual traffic that might be from state-sponsored hackers and, in what appeared to be an unrelated issue, a security firm said hackers used the platform to try to steal user data.
Twitter said in a blog that it discovered suspicious traffic to a customer-support forum while investigating a security bug that exposed data, including users’ phone country codes and details on locked accounts.
It said the bug was fixed Nov. 16.
Twitter said it observed a large amount of traffic to the customer support site coming from individual internet IP addresses in China and Saudi Arabia.
Scroll down for video
Twitter shares fell almost 7 percent after the company said it was investigating unusual traffic that might be from state-sponsored hackers and, in what appeared to be an unrelated issue, a security firm said hackers used the platform to try to steal user data.
TWITTER’S LATEST BUG
Twitter Inc said on Monday it has resolved an issue with one of its complaint forms that could have revealed country code of phone numbers linked to account holders.
The issue, which was fixed on Nov. 16, did not expose full phone numbers or any other personal information of users, the company said.
Twitter declined to give any additional information on the issue.
‘While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors,’ the blog said.
‘We continue to err on the side of full transparency in this area and have updated law enforcement on our findings,’ it said.
A company spokesman declined to elaborate as Twitter shares posted their biggest drop in more than two months.
Wedbush analyst Michael Pachter blamed the decline on concerns that news of a breach could hurt growth and user engagement.
‘Clearly, a breach like this impairs user trust in the platform,’ he said.
‘We began working to resolve the issue on November 15 and it was fixed by November 16,’ the firm said.
The bug could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account, as well as whether or not their account had been locked by Twitter.
‘We lock an account if it appears to be compromised or in violation of the Twitter Rules or our Terms of Service,’ said Twitter.
-
Saturn is losing its rings: NASA study finds they will have…
The most-distant solar system object ever observed: ‘Farout’…
Elon Musk builds a medieval WATCHTOWER outside the SpaceX…
Living on the moon could KILL: Researchers find breathing…
Share this article
The bug could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account, as well as whether or not their account had been locked by Twitter.
‘Importantly, this issue did not expose full phone numbers or any other personal data.
‘We have directly informed the people we identified as being affected. We are providing this broader notice as it is possible that other account holders we cannot identify were potentially impacted.’
Twitter said it found the strange traffic as it investigated the issue.
‘During our investigation, we noticed some unusual activity involving the affected customer support form API. Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.
‘We continue to err on the side of full transparency in this area and have updated law enforcement on our findings.
‘No action is required by account holders and we have resolved the issue.’
Separately, security software maker Trend Micro Inc said in a blog earlier on Monday that attackers sent out two tweets in October in a bid to steal data from previously infected machines.
The hackers hid instructions in tweeted memes that secretly ordered infected devices to send information, including user names, screen images and other content, Trend Micro said.
The Twitter spokesman declined comment on the Trend Micro report.
Source: Read Full Article