Security researchers hijack celebrity Twitter accounts, and prove claimed fix failed
Twitter is claiming to have resolved a bug that allowed a group of London-based security researchers to post unauthorised tweets to the accounts of British celebrities and journalists. But the hackers who initially disclosed the vulnerability says that’s complete rubbish.
A Twitter spokesperson told reporters on Friday that it had “resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing.” But during a conversation with Gizmodo, the hackers who posted the unauthorised tweets to celebrity accounts appeared to reproduce the experiment after Twitter made its claim.
The Guardian had reported earlier in the day that the bug had been resolved citing the same statement provided to Gizmodo. Pressed for an explanation, Twitter would only say that it is still investigating the matter to ensure its “account security protocols are functioning as expected.”