Apparently, Twitter's media sharing tool, the Twitter Ad Studio had a bug, which allowed hackers to tweet from other accounts and even delete photos and videos from their feed without having to crack their passwords. What's more, the users won't even come to know that their Twitter accounts have been infringed.
The micro-blogging site introduced the Studio tool back in September 2016, in order to let publications post videos from desktops more conveniently. However, some researchers have found a huge loophole in Twitter's product and its security protocols. Twitter was quick to acknowledge the problem by stating, "By sharing media with a victim user and then modifying the post request with the victim's account ID the media in question would be posted from the victim's account."
Courtesy of a blog post published by Anand Prakash, the bug came into light. The blog post has explained the issue briefly and he is said to have discovered the next day of Studio's launch. After finding the flaw, he tried it on someone's account. However, you don't have to get worried about it.
As a report by Gizmodo, Twitter has already taken necessary steps to fix the bug. Prakash was even paid around $5,000 by the social network platform for bringing the issue to their notice.
None of the Twitter accounts was affected by the bug since the tool was made available to a limited number of whitelisted users initially. So by the time the Studio tool reached more number of people, the bug was already fixed by Twitter.
"This bug was patched immediately after being triaged and no evidence was found of the flaw being exploited by anyone other than the reporter," added Twitter.