In another mega blunder, Twitter accidentally exposed a security flaw that allowed others to extract its users’ phone number country codes. This is extremely alarming. Many users want their location to remain hidden for obvious reasons. The flaw also lets others know whether a Twitter account is locked or not.
Then there are whistleblowers and political asylum seekers who don’t want their identity or location to be known to the world. The issue came to attention through Twitter’s support forms. Twitter noted that many requests came from China and Saudi Arabia, two of the most undemocratic countries; Oligarchies basically.
Twitter gave an official statement,
“While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”
It’s unknown why Twitter thinks there might be some state-level espionage involved, but I’m sure they have their reasons to feel suspicious.
Something always sinister is going behind the scenes if countries like China and Saudi Arabia are involved. So I fear there might be something gruesome about to go down.
Twitter had started fixing the loophole on November 15th and managed to fix it the next day on 16th November. During that time nothing major occurred, and possible catastrophe was avoided.
We have become aware of an issue with one of our support forms which may have been used to discover the country code of certain people’s phone numbers and whether the account had been locked by Twitter. This issue did not expose full phone numbers or any other personal data.
— Twitter Support (@TwitterSupport) December 17, 2018
The company told TechCrunch that it had informed the European Union’s Data Protection Commissioner, as Europeans citizens may have been impacted. The leak did not violate any GDPR rules since country codes are not considered sensitive personal information.
Twitter has also informed the FTC (Federal Trade Commission) about the exposure. The tech company didn’t specify when it informed the FTC however. Twitter reassured that complete phone numbers were not exposed, so it’s not an utter disaster.
It directly reached out to affected users to inform them this news. Twitter did not add much besides this detail. Twitter gave a bold yet remarkably honest statement. The company said that nefarious deeds had existed since long before the company came into existence.
These deeds will keep occurring. Bad-faith actors will change their tactics and find new ways to screw the system. Twitter will continue battling such forces of evil. It will be partnering with civil society, government, industry peers, and researchers to improve their knowledge of how such actors interfere with justice and civility.
Insufficient security measures can put asylum seekers or political activists’ lives at stake. Twitter confirmed that it locks accounts on the grounds of suspicious behavior if they get hacked or violate “Twitter’s Rules.” These rules include “unlawful use.” This is a grey area since it is dependent on what a country considers illegal.
The most troubling part is that users with IP addresses belonging to China and Saudi Arabia will be able to confirm if accounts of certain users are locked. They will be able to track them down which will have so many consequences of its own.
Twitter needs to up its security by a mile. These are not just a matter of shares and profits anymore, the lives of actual people are on the line. It’s a war between governments and political activists, and Twitter is caught in the crossfire.