Microblogging site Twitter says it has patched a hole in its software that would let any user force other Twitterers to follow him or her without their consent.
"We identified and resolved a bug that permitted a user to 'force' other users to follow them. We're now working to rollback all abuse of the bug that took place," said a post on Twitter's Status page Monday morning.
Gadget site Gizmodo was one of the first to publicize the security problem, which it attributed to a Turkish Twitter user, who detailed the flaw on his blog. Gizmodo also published the simple steps necessary to make anyone -- including celebrity Twitter users like Ashton Kutcher or Conan O'Brien -- follow any user.
The exploit boiled down to a user typing two words: Accept 'username.'
Numerous reports confirmed the hack enabled a user to force themselves into the list of users followed by another. However, Twitter's staff moved quickly to address the issue, although admins had to reset users' follower counts back to zero, a problem they said on the site's Status page would "shortly be resolved."
It isn't the only time that Twitter has had security problems recently.
In January, hackers discovered that a known flaw in Adobe's Flash widget enabled them to get access to users' login credentials.
Twitter quickly fixed that security hole, as well.
Officials at Twitter did not respond to requests for comment by press time, although a status update on the Twitter blog noted that "protected updates did not become public as a result of this bug."