A password reset flaw allowed hacker to hijack numerous Twitter accounts from their original owners.
Twitter followers of @god, @emoji, and @vagina were in for surprise today when their favourite Twitter accounts started tweeting spam.
@God who has around 180,000 followers normally tweets memes however the new owners hijacked it to tweet spam. The last tweet mentions that they had hijacked the account — “recreating hotmails” — and thanks Twitter for the “0day,” hacker slang for a vulnerability that is immediately exploitable.
Many of Twitter users were stunned to get these tweets. According to multiple accounts on Twitter, a flaw occurred when users tried to reset a password, and the social network then showed users the full email address associated with the account. (Normally, it is partially asterisked out.)
Using the Twitter handle and the email address behind it, hackers can take control of the Twitter handle. Another Twitter user called @bluedream seemed to confirm the bug causing the mass hackings.
Though he could not hack any Twitter handle himself. Another Twitter user corroborates this.
@Vagina also appears to have been hijacked. Its only tweet, sent seven hours ago, is “I’m a big fat juicy p***y,” and the tweet has been retweeted by other users talking about the bug.
The bug seems to have been patched as of now. Twitter is yet to comment on the issue.