Real Entrepreneur News

Daily Entrepreneur News

Twitter’s support form leaked phone number country codes to IPs in China & Saudi

December 17, 2018 by News Desk

Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the accounts had been locked by Twitter. The concern here is that malicious actors could have used the security flaw to figure out which countries accounts were based in, which could have ramifications for whistleblowers or political dissidents.

The issue came through one of Twitter’s support forms for contacting the company, and the company found that a large number of inquiries through the form came from IP addresses located in China and Saudi Arabia. Twitter writes, “While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.” We’ve requested more info on why it’s suggesting that. Attribution in these situations can be murky, and naming specific countries or suggesting state actors could be involved carries heavy implications.

Twitter began working on the issue on November 15th and fixed it on November 16th. Twitter tells TechCrunch that it has notified the European Union’s Data Protection Commissioner, as EU citizens may have been impacted. However, since country codes aren’t necessarily considered sensitive personal information, the leak may not trigger any GDPR enforcement or fines. Twitter tells us it has also updated the FTC and other regulatory organizations about the issue, though we’ve asked when it informed these different regulators.

Twitter has directly contacted users impacted by the issue, says full phone numbers were not leaked, and users don’t have to do anything in response. Users can contact Twitter here for more info. We’ve asked how many accounts were impacted, but Twitter told us that it doesn’t have more data to share as its investigation continues.

A Twitter spokesperson pointed us to a previous statement:

“It is clear that information operations and coordinated inauthentic behavior will not cease. These types of tactics have been around for far longer than Twitter has existed — they will adapt and change as the geopolitical terrain evolves worldwide and as new technologies emerge. For our part, we are committed to understanding how bad-faith actors use our services. We will continue to proactively combat nefarious attempts to undermine the integrity of Twitter, while partnering with civil society, government, our industry peers, and researchers to improve our collective understanding of coordinated attempts to interfere in the public conversation.”

Sloppy security on the part of tech companies can make it dangerous for political dissidents or others at odds with their governments. Twitter explains that it locks accounts if it suspects they’ve been compromised by hackers or that they violate “Twitter’s Rules”, which include “unlawful use”, a standard that depends greatly on what national governments deem illegal. What’s worrisome is that attackers with IP addresses in China or Saudi Arabia might have been able to use the exploit to confirm that certain accounts belonged to users in their countries and whether they’ve been locked. That information could be used to hunt down the people who own these accounts.

The company apologized, writing that “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. We are sorry this happened.” But that echoes other apologies from big tech companies that consistently ring hollow. Here in particular, the apology fails to acknowledge how the leak could harm people or to explain how the company will prevent this kind of thing from happening again. With these companies judged quarterly by their user growth and business, they’re incentivized to cut corners on security, privacy, and societal impact as they chase the favor of Wall Street.

Published at Mon, 17 Dec 2018 18:39:46 +0000
