UPDATED 14:01 EST / OCTOBER 05 2010

Twitter DM Loophole, Shortly after Massive JS Attack

A recent report has uncovered a security loophole in Twitter, concerning users’ private direct messages (DMs). It’s one that can potentially give web developers easy access to private information exchanged between two individual users.

After numerous concerns regarding privacy breaches in the Twitter API, the pessimists have proven to be right, and while Twitter has not responded to any questions yet, the subject is highlighted even further by a very recent JavaScript-related attack the social network underwent.

“The Twitter API can be exploited quite easily and let anyone [with access to website code] gain access to your direct messages.

“The access can be granted when a user logs into Twitter or a site (such as a blog) that uses Twitter and requires your Twitter user name and password.”

The combination of an easily exploitable API and list-harvesting ambitions is the dread of every social network and its users, but after exposing multiple serious vulnerabilities so close together, one would assume that the Twitter workforce has its attention elsewhere, such as on the development of its advertising features.

Similar to Twitter, another social-networking giant, LinkedIn, has recently fended off its biggest spam attack so far, as reported in this post. The timing of this attack, combined with Twitter’s recent blows, may not only indicate the potential mass of vulnerabilities and weaknesses that these networks, and perhaps even others, are beginning to let slip, but also hint at a potential connection between the incidents.

