Twitter has notified some users that a bug may have exposed their personal data.
Those affected had an associated phone number on their account. The data leak shared the country code of the associated phone number, “as well as whether or not their account had been locked,” Twitter said in a notice.
The company hasn’t provided an estimate for how many accounts potentially had information exposed. Twitter initially spotted the issue in November, but it didn’t disclose details of the problem until earlier this week for reasons that remain unclear.
“No action is required by you and we have resolved the issue,” Twitter said.
Twitter said “unusual activity” came through one of its support forms for contacting the company. The company found a large number of inquiries from IP addresses in China and Saudi Arabia.
“While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors,” Twitter wrote.
While the amount of information exposed in the leak was minor in comparison to other breaches that have occured this year, TechCrunch noted that malicious actors could have used the security flaw to “figure out in which countries accounts were based, which could have ramifications for whistleblowers or political dissidents.”
Users who may have had their country code improperly shared were contacted directly. Twitter has stated that full phone numbers were not leaked and users don’t have to do anything in response.