Social networking site Twitter revealed that it has discovered and fixed a security bug that could have exposed the country codes of users’ phone numbers and whether their accounts had been locked.
The micro-blogging giant said it noticed unusual activity in its Application Programming Interface (API) and observed a large amount of traffic coming from IP addresses located in China and Saudi Arabia. Twitter said the bug was fixed on November 16, 2018, and that it informed the users who may have been affected by it.
“We have become aware of an issue related to one of our support forms, which is used by account holders to contact Twitter about issues with their account. We began working to resolve the issue on November 15 and it was fixed by November 16. This could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account, as well as whether or not their account had been locked by Twitter. We lock an account if it appears to be compromised or in violation of the Twitter Rules or our Terms of Service,” Twitter said in a statement.
Twitter said the IP addresses might have been linked to state-sponsored actors, and the company is investigating to determine their origin. Apologizing for the incident, Twitter said, “No action is required by account holders and we have resolved the issue. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. We are sorry this happened.”
A number of social media platforms, including Facebook and Google+, suffered multiple data breaches this year. Facebook recently reported that it had suffered a data breach that exposed 6.8 million users’ private photos to third-party application developers. The social networking giant announced that its internal team discovered a photo API bug that allowed third-party apps to access users’ photos for 12 days, from September 13 to September 25, 2018.
Google had earlier announced that it would shut down its social media platform Google+ for consumers by August 2019, after the disclosure of a vulnerability that exposed around 500,000 users’ personal information to third-party developers. In a recent media statement, however, the California-based firm said that it is moving the date to April 2019. The declaration came after Google+ encountered another data breach that exposed the personal information of 52.5 million users.