If you’ve ever had a twitter account, you know how addicting it can be. What if someone could hack Twitter, though? It would be outrageous; people could lose so much of their valuable information, or have their accounts taken over? Maybe, though, maybe it wouldn’t nearly be as bad. Masato Kinugawa found a reported a possible vulnerability to Twitter, and when the ‘new version’ was released it still hadn’t been fixed.
How could someone hack twitter?
The vulnerability was called a “cross-site scripting” vulnerability or XSS. This vulnerability could be used to turn tweets into different colors. Harmless right? No one was trying to hack twitter. Until Kinugawa decided to take another step, he outed the fact that Twitter had ignored his warning, simply by showing them it was a serious problem. He set up an account, Rainbow Twtr and then used the vulnerability to show how tweets could be changed different colors. No big deal, nothing illegal or upsetting, until other people saw what he had found and decided to do what they wanted with it. After Kinugawa had shown that there was a vulnerability, though he likely had no ill intent and just wanted it to be addressed, other people started to play around with the information.
What did they manage to do?
Magnus Holm was one of the few that harmlessly toyed with the vulnerability. He likely wasn’t trying to find out how to hack twitter, but he figured out the next step. He expanded the script, in such a way that it would retweet itself with a user’s account if they dared scroll over the tweet. Within a few hours, his mistake was clear, even though he insisted it didn’t do much, the worm was viral. This was the start to one of the biggest hacks on Twitter. The biggest issue with the hack? Twitter was asleep, all of this happened when the team wasn’t at the office; they didn’t know about it yet.
How bad could it have possibly have gotten?
Holms idea, retweeting using the account of someone who moused over a tweet was a massive security issue. Someone could retweet information through your account without your consent. This was a massive problem. This brought the real hackers who wanted to know how to hack Twitter out of the woodwork. Using varied versions of Holm’s method hackers were able to distribute everything from pornography to delivering real worms and viruses. There was a point that Twitter as a whole was turned into a ‘link’ making anyone who has logged in retweet the links. The major security issue wasn’t noticed, though, until Twitter woke up. Once they saw what had happened, they gave a warning and within a half an hour, the problem had been solved. You can check http://www.hacktwit.com/ for more information and details.
How to hack Twitter is a difficult subject, for there aren’t many ways to do so. Until this vulnerability was resolved, though, Twitter was a horror house. Starting with someone just wanting to get a problem addressed, and ending with massive viral infections and account takeovers. You could always delete the tweets sure, but that didn’t erase the fact that they happened. If Twitter had paid attention to Kinugawa’s first warning, this security breach wouldn’t have occurred at all.