Twitter Accounts Still Vulnerable After Reported Fix, Say Experts

Share on Facebook Tweet Share Reddit Comment
Twitter Accounts Still Vulnerable After Reported Fix, Say Experts
Highlights
  • Insinia Security said it hijacked the accounts of a number of celebrities
  • Researchers used fake SMS verification to take control of accounts
  • Vulnerability could be used to spread disinformation: Insinia

Despite claims of a fix by Twitter, researchers at a Britain-based security firm who earlier hijacked accounts of several celebrities and journalists to expose a vulnerability have said that the loophole still persists at the popular social media platform.

Insinia Security last week said it successfully hijacked the accounts of a number of celebrities, including Eamonn Holmes, Louis Theroux, Simon Calder and Saira Khan among others.

To take control of the accounts, the researchers at the company used fake SMS verification that made it appear as if they belonged to the account owners, The Telegraph reported. 

A Twitter spokesperson told reporters on Friday that it had "resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing." 

But the hackers who posted the unauthorised tweets to celebrity accounts appeared to reproduce the experiment after Twitter made its claim, Gizmodo reported on Monday.

A simple method allowed researchers at Insinia Security to send tweets, direct messages, retweet and like tweets, follow and unfollow people, according to the company which warned that the vulnerability could be easily exploited by nation states, hackers and organised crime groups.

The vulnerability could be used to "spread fake news and disinformation via influential celebrities and journalists", Insinia warned in a blog post.

Insinia recommended that users should remove their phone number from the Twitter account untill the bug is fixed.

"Twitter should completely remove this functionality (SMS verification) as users rely on their phone added to account for two-factor authentication," Insinia said.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Twitter, Insinia Security, UK
Xiaomi Mi TV 4A 32, Mi TV 4C Pro 32, Mi TV 4A Pro 49 Prices Cut in India
NASA’s New Horizons Spacecraft Just Visited the Most Distant Object Ever Explored
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.