Twitter today announced that the platform’s support form had been hit by a data breach exposing user data to IP addresses from Saudi Arabia and China.
The leaked data contains the country codes of the phone numbers linked to users’ accounts. The attackers exploited a bug in the Support forms that allowed them to access country codes and whether the account has been locked by Twitter or not. Twitter locks an account if it has been compromised or when it violates the social media platform’s guidelines.
While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors