While Twitter has over the years proven to be a secured microblogging platform, researcher Anand Prakash has discovered a new vulnerability in the network’s advertising service. Using the vulnerability of the network, an attacker could send tweets and upload materials from a victim’s account according to a latest report by SC Magazine.
Twitter released the advertising service ‘Studio’ back in 2016 to simplify the process of publishing videos from desktops. However, previously, another bug was discovered in the platform. In a post, Anand Prakash said, “I started looking out for security loopholes after the launch [of the Studio tool]. All API requests on studio.twitter.com were sending a parameter named “owner_id” which was twitter user id(publicly available and sequential) of the logged in user. Owner_id parameter was missing authorisation checks changing which allowed me to take actions on behalf of other twitter users.”
Following the report, Tweet since then has fixed the bug and confirmed that no one was affected by the exploitation of the service. Earlier, reports surfaced that the attackers in Venezuela are using another method to hack protestors’ account.
Featured Image: Flickr/Vincent Brown