Hackers exploit Twitter flaw

Bug can 'force people to follow you'

Hackers are exploiting a bug in Twitter that can compromise users' accounts, according to a security researcher.

Aviv Raff said the Twitter vulnerability could expose users to malware-hosting websites. "It can force people to follow you, which means all your twits will be showed in their Twitter home page, including potentially malicious links," Raff said.

Raff launched the website Twitpwn to report the research he'd done on the social networking and micro-blogging service.

"Twitter security team was notified on 31-July-2008. Technical details will be added as soon as this vulnerability will be fixed," he said.

An attacker can currently leverage the bug by tricking users into clicking on a link on a malicious or hacked website. From that point, the victim's Twitter account is automatically set to follow the attacker's.

On Twitter, 'following' another user means receiving all updates, or 'tweets', sent by that user. Those tweets are collected and displayed on the following user's Twitter home page, or on their phone or in their instant messaging client.

This Twitter bug is the newer of a pair that Raff has found on the service. Last week, he reported another vulnerability that allowed spammers and phishers to send emails that included links to malicious sites to other Twitter users. Twitter has since patched that flaw.

Expect more Twitter research, Raff said. "I'm working on several ways to abuse Twitter as a platform [and I'll] publish my research in this blog when I'm done," he said, referring to his Twitpwn site.

Raff is better known as a browser vulnerability researcher, notably for his part in May in uncovering a threat posed by the 'carpet bomb' bug in Apple's Safari to users of Microsoft's Internet Explorer. Most recently, he warned of several bugs in Apple's iPhone that could be used by phishers to dupe users into visiting malicious sites or by spammers to flood the phone's in-box with junk mail.
