Twitter accounts still vulnerable, say experts


London, Jan 1 (IANS): Despite claims of a fix by Twitter, researchers at a Britain-based security firm who earlier hijacked accounts of several celebrities and journalists to expose a vulnerability have said that the loophole still persists at the popular social media platform.

Insinia Security last week said it successfully hijacked the accounts of a number of celebrities, including Eamonn Holmes, Louis Theroux, Simon Calder and Saira Khan among others.

To take control of the accounts, the researchers at the company used fake SMS verification that made it appear as if they belonged to the account owners, The Telegraph reported.

A Twitter spokesperson told reporters on Friday that it had "resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing."

But the hackers who posted the unauthorised tweets to celebrity accounts appeared to reproduce the experiment after Twitter made its claim, Gizmodo reported on Monday.

A simple method allowed researchers at Insinia Security to send tweets, direct messages, retweet and like tweets, follow and unfollow people, according to the company which warned that the vulnerability could be easily exploited by nation states, hackers and organised crime groups.

The vulnerability could be used to "spread fake news and disinformation via influential celebrities and journalists", Insinia warned in a blog post.

Insinia recommended that users should remove their phone number from the Twitter account untill the bug is fixed.

"Twitter should completely remove this functionality (SMS verification) as users rely on their phone added to account for two-factor authentication," Insinia said.

  

Top Stories


Leave a Comment

Title: Twitter accounts still vulnerable, say experts



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.