Twitter flaw allowed you to tweet from any account
All this time, a rather simple Twitter bug could have caused chaos on the platform. A Twitter security flaw which went undetected for years allowed attackers to post messages masquerading as any user they chose. A security researcher that goes under the moniker Kedrisch disclosed the flaw on Tuesday, which was present on the microblogging platform until 28 February this year. Discovered in Twitter Ads Studio , a platform for advertisers to upload media and content, the high-severity bug appeared in the service library where users can review media before publishing. When handling media and tweet publishing requests, by sharing this media with an intended victim and then modifying the post request with the victim's account ID, the media in question would be automatically posted from the victim's account rather than the attacker's. As only the parameters of the code needed to be tweaked, there was no need to have any account credentials belonging to the ...