A security researcher found a bug in Twitter’s support form two years ago that exposed the country codes of phone numbers attached to user’s accounts. At the time, his bug report was closed as it did “not appear to present a significant security risk.” Twitter now says that the bug may have been abused by nation state actors. “We have become aware of an issue related to one of our support forms, which is used by account holders to contact Twitter about issues with their account,” said Twitter in its disclosure.