Twitter detects possible state-sponsored activity from China, Saudi Arabia

Twitter says there has been suspicious activity on its platform that may have involved state-sponsored hackers from China and Saudi Arabia seeking information about specific users.

The social media company says it detected an “issue” on Nov. 15 related to one of its support forums, where users contact Twitter to report any problems with an account. Outsiders potentially could view the country code users associated with their accounts and could assess whether an account was locked for violating Twitter’s rules, the company said in an announcement late Monday.

“Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia,” Twitter said. “While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”

The issue was fixed within one day and Twitter has notified the affected users, the company said. No personal information was exposed in the incident, according to the announcement. Twitter’s stock fell 6.8 percent Monday after the disclosure.

Possible government hacking only is the the latest problem for the company. A report prepared for the Senate Intelligence Committee said Twitter failed to detect Russian propaganda operations between 2015 and 2017 targeting American users. Those influence operations were much larger than previously reported, according to the report, and involved efforts to discourage minority groups from voting.

Cybersecurity researchers from Trend Micro meanwhile reported that hackers also exploited Twitter to activate malicious software in a new way. By hiding code in memes that circulated on the social media site, hackers could send out executable commands to malware already embedded on user’s computers. Twitter is not accused to distributing any malware, but the findings again highlight how the site is used for nefarious purposes.