Oops! Now-fixed Twitter vulnerability made it easy as pie to steal passwords


According to TheNextWeb, a dangerous flaw in the design of a Twitter page was enabling plain text passwords to be passed from the user to Twitter’s servers. In other words, a hacker wouldn’t have had to do much to intercept your private login information.

The security vulnerability was caught by Zohar Alon, CEO of cloud security company Dome9. The issue appears to stem from an oversight on Twitter’s part: the drop-down login menu on the detail page of a tweet did not use the HTTPS protocol. If you’ve ever logged in through a page that displayed a standalone expanded tweet on Twitter’s site, you were sending your password to Twitter’s servers as plain, unencrypted text.


HTTPS, unlike HTTP, encrypts the connection between your browser and the server, which makes logins “secure” and obstructs man-in-the-middle attacks. This way hackers can’t intercept your login information between the time you click “Sign In” and the time Twitter’s servers receive the login request.
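A site owner can test for this class of flaw automatically. The following is an added example, not code from the original article or from Twitter: it scans a page's HTML for forms containing a password field and reports any whose submission target, or the page carrying the form, is not HTTPS. The function names, the sample markup and the example.com URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PasswordFormFinder(HTMLParser):
    """Collect the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self.current = None   # form being parsed, or None outside a form
        self.forms = []       # [{"action": str, "has_password": bool}]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "has_password": False}
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            self.forms.append(self.current)
            self.current = None


def audit_login_forms(page_url, html):
    """Return (resolved_action, problem) for each password form lacking HTTPS."""
    finder = PasswordFormFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for form in finder.forms:
        if not form["has_password"]:
            continue
        # An empty or relative action resolves against the page URL,
        # so it inherits the page's scheme.
        target = urljoin(page_url, form["action"])
        if urlparse(target).scheme != "https":
            findings.append((target, "password submitted over plain HTTP"))
        elif urlparse(page_url).scheme != "https":
            findings.append((target, "form served over plain HTTP"))
    return findings


# Constructed sample markup (not Twitter's real page).
SAMPLE = '<form action="/sessions" method="post"><input name="u"><input type="password" name="p"></form>'
if __name__ == "__main__":
    print(audit_login_forms("http://example.com/user/status/1", SAMPLE))
```

The second finding type covers a form that posts to HTTPS but is delivered on an HTTP page, where the markup itself is unprotected in transit.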

Facebook started switching its users over from HTTP to HTTPS in November to improve its security, at the risk of a slight lag in performance. The lag, at least for us, is unnoticeable, and the benefit of keeping your account safe seems to far outweigh it.

TheNextWeb reports that Twitter “looked at the potential vulnerability and addressed it,” which we assume means the team has patched the hole. What’s unclear, though, is whether anyone has taken advantage of this vulnerability, and Twitter isn’t sure how long it has been available to hackers.

In many instances Twitter has been notorious for failing to respond to obvious security issues. Between the rampant spam bots and the breaking into and selling off of accounts, the social network has had its hands full.

