It comes in the wake of the confirmed death of Washington Post journalist Jamal Khashoggi on Friday, two weeks after he disappeared in the Saudi consulate in Istanbul. Khashoggi had long been a target of a Saudi troll army, according to the report, which employed hundreds of people to stifle the speech of government critics, like Khashoggi, who left the kingdom to live and work in the United States.
But the troll farm is said to be one part of a wider scheme by the Saudi leadership to surveil critics and dissidents.
According to the report, Western intelligence officials told Twitter that one of its employees, a Saudi national, was asked by the Saudi government to spy on the accounts of dissidents. The employee — an engineer — had access to account data on Twitter users, including phone numbers and IP addresses. Saudi officials are said to have convinced him to snoop on several accounts. Twitter fired the employee, despite finding no evidence that he handed data over to the Saudi government. The employee later returned to the kingdom and now works for its government.
After the dismissal, the Times reports, Twitter sent out warnings a few dozen users that their accounts “may have been targeted by state-sponsored actors.”
“As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors,” said Twitter in the email to affected users. “We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers.”
Twitter didn’t say at the time what was the cause of the email warning, leading some to question what linked the affected accounts.
Around 20 users were affected, including privacy and security researcher Runa Sandvik, human rights activist Michael Carbone, and Austrian communications expert Marco Schreuder.
Several of the affected users also worked for the Tor Project, a non-profit that allows activists and researchers to browse the web anonymously — often to bypass state-level censorship and surveillance.
Facebook and Google also have similar alerts in place in the event of suspected state-sponsored attacks or hacking, though often the companies send out alerts out of an abundance of caution — rather than a solid indicator that an account has been breached.
Twitter did not respond to a request for comment.