After various social network hacks, particularly those involving Facebook, many people have started giving careful consideration to the security of their social media accounts. Along these lines, a British security analyst recently discovered a genuine flaw on Twitter.
Richard De Vere is an ethical hacker and security researcher who reported the Twitter flaw, saying that it can be exploited to send tweets from other people’s accounts. The flaw is actually very easy to exploit, and he supposedly worked out how to do it within minutes. It is not a complicated hack, but a simple flaw in the code.
How does the flaw work?
According to De Vere’s report, the flaw can expose any account that has an associated mobile phone number. All that hackers really need is to know the number, and they will be able to send tweets, post images or videos, retweet content, and even send private messages. Not only that, but they can also get access to security settings, which allows them to turn two-factor authentication off. That way, the real owner of the Twitter account would never get a warning about someone trying to access their account.
After finding the flaw, De Vere demonstrated it to others by posting tweets from accounts he didn’t have access to. He also disclosed the details of the hack to the security testing firm HackerOne, the organization that runs bug bounty programs for Twitter and monitors every potential flaw on the platform.
For now, the details of how the hack is performed are unknown, as the vulnerability still needs to be fixed. It is still possible that a few hackers already know about the bug, as De Vere said. According to him, this might be the flaw that was used for performing Twitter scams, especially in cases where high-profile accounts tweeted fake promotions and then claimed no knowledge of them.
By now, other specialists have learned of the flaw, and many of them feel that this is a serious vulnerability. “A hacker might collect 10,000 phone numbers, and access just as many profiles, some of which may even be influential. If said hacker used this to tweet about a BTC scam or some fake news, the number of repeats will definitely trick large amounts of people”, said Ed Tucker, CEO of Byte. Tucker was Customs’ former head of IT security, and he explained why such a flaw might be extremely dangerous.
Researchers all praised De Vere’s decision to quickly expose the flaw. He also acknowledges that it is not possible to reveal such flaws to Twitter without reporting them to HackerOne.
De Vere also added that there is a possibility that Twitter will struggle with this issue quite a bit. Resolving it might mean switching off an important functionality on a world-wide scale. However, he still believes that Twitter can do it in a short while.
Scams and hacking attacks are more popular than ever on social networks and the internet in general. One such scam has allowed hackers to steal thousands of dollars, simply by posing as Elon Musk and tweeting about a Bitcoin scheme.