To exploit the vulnerability, you just need to know the phone number of the other person.
Security specialist Richard De Vere reported that he found a Twitter vulnerability that allows a user to post tweets and write private messages on behalf of another user.
De Vere spoke about the danger in the publication Computer Weekly. The vulnerability has not yet been resolved, so he was unable to disclose the details of how someone else's account can be accessed. To prove that what he was saying was true, he published a tweet on behalf of the publication, with its permission.
Richard De Vere claims that you just need to know the phone number associated with the targeted account in order to exploit the vulnerability. No special technical knowledge is necessary, and the process of hacking is extremely simple.
In addition to writing tweets and messages, the bug allows you to change the profile settings. For example, an attacker could disable two-factor authentication in order to facilitate access to the account.
To inform the developers of the problem, Richard De Vere published a bug report on the bug bounty platform HackerOne. According to the expert, it was the only way to convey information about the vulnerability to Twitter's programmers.
Attackers who hack popular accounts to promote fraudulent projects have probably already taken advantage of the dangerous bug.