
Twitter flaw gave private message access to third-party apps, researcher says

By Lucian Constantin
January 22, 2013 01:46 PM ET

"They said the issue occurred due to complex code and incorrect assumptions and validations," Cerrudo said in the blog post.

However, Twitter's fix does not appear to apply retroactively. After Twitter fixed the issue, the app Cerrudo had been testing, which already had access to his account, continued to display his direct messages even though he had never authorized it to do so, he said. In other words, access tokens issued while the flaw was live kept the elevated access after the fix.

Twitter users should check whether any of the apps they authorized in the past also gained access to their direct messages without their knowledge, Cerrudo said. This can be done by reviewing the permissions listed for each app on the Twitter Settings > Apps page.

Cerrudo decided to make this issue public because it can have serious implications and because Twitter did not issue a public advisory or announcement about it. The company should maintain a dedicated page where it can inform users about security issues, he said.

Twitter did not immediately respond to a request for comment.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.