Researcher reveals Twitter ‘follow’ bug

August 1, 2008 – 9:56 AM

Attackers can exploit a bug in Twitter to force victims to follow the hacker’s account, a security researcher said Thursday.

According to Aviv Raff, the Twitter vulnerability could expose users to malware-hosting Web sites. “It can force people to follow you, which means all your twits will be showed in their Twitter home page — including potentially malicious links,” Raff said during an interview conducted via instant messaging.

On a site dubbed “Twitpwn” that he launched earlier Thursday to report research he’s done on the social networking and micro-blogging service, Raff spelled out only the basics. “Twitter security team was notified on 31-July-2008,” he said on the site. “Technical details will be added as soon as this vulnerability will be fixed.”

Twitter will have a fix in place by Friday, Raff added.

An attacker can currently leverage the bug by tricking users into clicking on a link on a malicious or hacked Web site. From that point, the victim’s Twitter account is automatically set to follow the attacker’s.

