Twitter Claims To Have Fixed A Security Hole….. But It Actually Didn’t

The fine folks over at Gizmodo have an eye opening story that goes like this. Security researchers from Insinia Security discovered a hole on the Twitter platform that could allow a miscreant to post unauthorized tweets. They disclosed this to Twitter, and the social media company claimed to have fixed the problem. But when the researchers sanity checked the fix, they discovered it wasn’t fixed:

During a private chat with Gizmodo, however, the hackers appeared to reproduce their experiment, forcing an account belonging to the head of a London-based financial technology company to retweet a tweet from the BBC. Insinia said it verified the flaw remained using “a number of accounts.”

Twitter claims it is investigating this, but this seems like one hell of a screw up. Or worse, Twitter might have been hoping that nobody checked their work. Too bad for them that someone was smart enough to.

Take home message. If you say something is fixed. You should make sure that it is fixed or someone will call you on it.

Leave a Reply

%d bloggers like this: