Twitter Reports Security Flaw Which May Have Exposed User Data
Data privacy has been the theme of 2018, and it looks set to remain the key talking point as we head into the final weeks of the year.
This week, it's Twitter's turn to report a potential leak, with the platform reporting that it has detected an error in its systems which may have exposed selected user information to those seeking to find it, via one of the platform's support forms.
As explained by Twitter:
"We have become aware of an issue related to one of our support forms, which is used by account holders to contact Twitter about issues with their account. This could be used to discover the country code of people’s phone numbers if they had one associated with their Twitter account, as well as whether or not their account had been locked by Twitter."
Given that the issue is limited to those who've used a specific support form, based on this initial information, the extent of the leak seems relatively limited in scope, though Twitter hasn't revealed the full number of accounts impacted. Twitter says that full phone numbers and/or any other personal data were not exposed beyond this, and that those affected have been informed directly, as has the European Union’s Data Protection Commissioner.
That, of course, is not to play down the significance of yet another social platform data leak, but based on the information provided, it would seem more limited than other breaches throughout the year. By reporting the issue, Twitter's working to get ahead of any negative blowback, and ensure greater transparency - though there is one particularly concerning note included within Twitter's announcement post:
"Since we became aware of the issue, we have been investigating the origins and background in order to provide you with as much information as possible. During our investigation, we noticed some unusual activity involving the affected customer support form API. Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors. We continue to err on the side of full transparency in this area and have updated law enforcement on our findings."
So, rather than being a proactive measure, Twitter's found evidence of potential access. That's a significant concern, which adds more weight to the importance of this particular incident.
As noted by TechCrunch, the real issue with this breach is that it may have impacts for whistleblowers and/or political dissidents, with government organizations using this information, in combination with other sources, to weed such informers out. Protecting users is obviously a key concern for all platforms, but particularly in cases like this, where more autocratic leadership may go to extreme measures to silence critics.
Again, Twitter hasn't revealed the full scope of the breach, with investigations still ongoing, but it's another blow to data privacy, and the expanded connection of social platforms in general.
Follow Andrew Hutchinson on Twitter