Twitter bug bounty hunters have found a significant loophole in Twitter Ad Studio, the social media company’s comprehensive media sharing tool. The bug in Twitter’s ad service could let hackers tweet from other accounts or delete photos and videos from their feed without knowing or stealing their passwords.
Twitter released the Studio tool in September last year so that publications could easily publish video content from desktops. A group of researchers now claims to have come across a major vulnerability in Twitter’s product and its security protocols. “By sharing media with a victim user and then modifying the post request with the victim’s account ID the media in question would be posted from the victim’s account,” Twitter explained while addressing the bug.
A blog post published last week by Anand Prakash brought the bug to everyone’s notice. Prakash’s post described the vulnerability, which he is said to have discovered within a day of Studio’s launch. He looked for the flaw and even tried it on a friend’s account. According to Gizmodo, the micro-blogging site has identified the flaw and fixed it. Twitter has reportedly paid around $5,000 to Prakash for his research.
It is said that none of the accounts were jeopardized before the tool was made available to a large number of users. Twitter made the Studio tool available to a limited number of whitelisted users and the bug was fixed within 24 hours of triage. “This bug was patched immediately after being triaged and no evidence was found of the flaw being exploited by anyone other than the reporter,” wrote Twitter.
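The behaviour Twitter describes amounts to a missing authorization check: the account ID in the publish request was accepted without being tied to the logged-in user. The sketch below is an added example, not Twitter's code or anything from Prakash's post; the media model, the function names and the `delegates` mapping are hypothetical, and it shows the unchecked handler beside one that derives the permitted accounts from the session.

```python
# Added illustration: a hypothetical model, not Twitter's code or API.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller may not act for the requested account."""


@dataclass
class Media:
    owner_id: str
    shared_with: set = field(default_factory=set)

    def visible_to(self, account_id):
        return account_id == self.owner_id or account_id in self.shared_with


def publish_unchecked(media, timeline, session_account, account_id, media_id):
    """'Before' behaviour: account_id from the request body is trusted."""
    # Sharing makes the media visible to the target account, and nothing
    # compares account_id with the authenticated session.
    if not media[media_id].visible_to(account_id):
        raise Forbidden("media not visible to target account")
    timeline.append((account_id, media_id))


def publish_checked(media, timeline, session_account, account_id, media_id,
                    delegates=None):
    """Hardened: the session decides which accounts may be posted as."""
    allowed = {session_account} | (delegates or {}).get(session_account, set())
    if account_id not in allowed:
        raise Forbidden("session may not post as this account")
    if not media[media_id].visible_to(account_id):
        raise Forbidden("media not visible to target account")
    timeline.append((account_id, media_id))


def demo():
    """Constructed data: alice shares m1 with bob, then names bob as poster."""
    media = {"m1": Media("alice", {"bob"})}
    timeline = []
    publish_unchecked(media, timeline, "alice", "bob", "m1")  # posts as bob
    try:
        publish_checked(media, timeline, "alice", "bob", "m1")
        blocked = False
    except Forbidden:
        blocked = True
    return timeline, blocked
```

Logging every request where the body's account ID differs from the session's account, even when delegation allows it, gives a detection signal for this class of flaw.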
In other news, the micro-blogging website has introduced a new feature for Direct Messages (DMs) that filters DMs from unknown followers or accounts you don’t recognize. Prior to this, Twitter had also launched a customizable Direct Message Card for business accounts to promote and share bots and other customer experiences via DMs.