Friday, Mar 29, 2024 | Last Update : 10:44 AM IST

  Technology   In Other news  24 May 2017  Twitter had a bug, allowed hackers to tweet from any account

Twitter had a bug, allowed hackers to tweet from any account

THE ASIAN AGE
Published : May 24, 2017, 11:34 am IST
Updated : May 24, 2017, 11:34 am IST

Anyone with know-how on the vulnerability could tweet from any account.

The researcher was awarded a bounty of $7,560 and Twitter fixed the ad service bug within three days of reporting it.
 The researcher was awarded a bounty of $7,560 and Twitter fixed the ad service bug within three days of reporting it.

There was a huge bug in Twitter’s ad service network and the vulnerability could allow anyone to tweet from anyone’s handle with ease, until a security researcher found the flaw in Twitter’s Ad Studio.

Motherboard reported that Kedrisec, a security researcher found the flaw in February and reported it to Twitter by February 25 after spending several days looking for bugs. He found the flaw in the ad service, which allows advertisers to upload media. By exploiting the bug in this network, he was able to post tweets as any other user. He claims that the bug was ‘not quite difficult’ to exploit.

Twitter did their research on the topic and quickly blocked the hole. "By sharing media with a victim user and then modifying the post request with the victim's account ID the media in question would be posted from the victim's account," Twitter wrote in its summary of the bug.

‘In plain English, this means that the attacker simply needed to fiddle with the code that gets sent to Twitter when posting something to trick the social network into posting the tweet as somebody else—all without having to hack anyone's account,’ explains Motherboard.

The researcher was awarded a bounty of $7,560 and Twitter fixed the ad service bug within three days of reporting it.

Tags: twitter, flaw, security, vulnerability, hack