9/25/2023

Purple twitter logo

In their official statement released on August 5, 2022, the tech giant pointed out that no passwords were exposed, but they encouraged their users to enable two-factor authentication apps or hardware security keys to protect their accounts from unauthorized logins.

For users who operate a pseudonymous Twitter account, they recommended not adding a publicly known phone number or email address to the account as the best course of action to keep their identity as veiled as possible.

When they learned about this, they immediately investigated and fixed it. At that time, the company had no evidence to suggest someone had taken advantage of the vulnerability.

The data was sold on the market for about $30,000.

According to Twitter's statements, this bug resulted from an update to their code in June 2021. Prior to that, the attackers created profiles of 5.4 million Twitter users in December 2021 and scraped public information, such as follower counts, screen name, login name, location, profile picture, URL, and other information. The security researcher reported the vulnerability in January 2022 and the company awarded a $5,040 bounty for his findings.

More technically, what the security researcher zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party, without any authentication, to obtain the Twitter ID (which is almost equivalent to getting the username of an account) of any user by submitting a phone number or email address, even though the user has prohibited this action in the privacy settings.

As he stated, the bug exists due to the authorization process used in Twitter's Android client, specifically in the check for a duplicate Twitter account. The vulnerability allowed anyone to submit an email address or phone number, verify whether it was associated with a Twitter account, and retrieve the associated account ID.
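The class of flaw described above, shown as an added example that is not Twitter's code and not part of the original post: a constructed duplicate-account check that echoes the matching account ID to any caller, next to one possible hardening that honors the owner's discoverability setting and gives anonymous callers a uniform reply. All names, fields, and sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    user_id: int
    email: str
    phone: str
    discoverable: bool  # owner's privacy setting: may be found by email/phone

# Constructed sample accounts; every ID, address and number is made up.
ACCOUNTS = [
    Account(1001, "alice@example.com", "+15550100", discoverable=True),
    Account(1002, "bob@example.com", "+15550101", discoverable=False),
]
INDEX = {key: a for a in ACCOUNTS for key in (a.email, a.phone)}

def duplicate_check_vulnerable(identifier, authenticated=False):
    """Flawed check: answers anyone and echoes the matching account ID,
    never consulting the owner's discoverability setting."""
    acct = INDEX.get(identifier)
    if acct is None:
        return {"exists": False}
    return {"exists": True, "user_id": acct.user_id}

def duplicate_check_hardened(identifier, authenticated=False):
    """Hardened check: unauthenticated callers get one uniform body, and an
    ID is returned only to a signed-in caller when the owner allows lookup."""
    acct = INDEX.get(identifier)
    if authenticated and acct is not None and acct.discoverable:
        return {"status": "ok", "user_id": acct.user_id}
    # Same response whether the identifier is unknown, hidden, or the caller
    # is anonymous, so the reply cannot be used to enumerate accounts.
    return {"status": "ok"}

def disclosed_ids(handler, identifiers, authenticated=False):
    """Regression helper: the set of account IDs a handler reveals."""
    replies = (handler(i, authenticated) for i in identifiers)
    return {r["user_id"] for r in replies if "user_id" in r}

if __name__ == "__main__":
    probes = ["alice@example.com", "+15550101", "nobody@example.com"]
    print("vulnerable, anonymous:", disclosed_ids(duplicate_check_vulnerable, probes))
    print("hardened, anonymous:  ", disclosed_ids(duplicate_check_hardened, probes))
    print("hardened, signed in:  ", disclosed_ids(duplicate_check_hardened, probes, True))
```

The `disclosed_ids` helper works as a regression test: run it against any lookup handler with a mix of known, hidden, and unknown identifiers and assert that anonymous callers learn nothing.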
How Does The Twitter Zero-Day Attack Work?