Twitter Knew of Leak Two Years Ago, Did Nothing

A flaw in Twitter’s security was recently discovered, one that would have allowed malicious actors to uncover the country codes of users on the social media platform. This was clearly a security risk, one that made it very difficult indeed for people in sensitive situations to feel safe on the platform anymore. While initially it was thought that Twitter learned of and fixed the problem within a single day, it has recently been revealed that the social media platform had been warned that such a leak could occur no less than two years ago.

This warning was given by a security analyst by the name of Peerzada Fawad Ahmad Qureshi through Twitter’s own bug reporting feature, HackerOne. In spite of the warning he gave, Qureshi was told that the problem would not be dealt with because it did not pose a big enough risk. It seems like Twitter has made a terrible mistake now that we know that the flaw was used by malicious actors to try and figure out where certain individuals in sensitive locations were hiding.
Related: The 21 biggest data breaches of 2018
The fact that Twitter had been warned and still chose to do nothing shows extreme irresponsibility on the part of the social media platform. This year has seen a number of social media platforms being held accountable for how they were treating user privacy, and Twitter’s current misstep seems perfectly in line with the catch-me-if-you-can mentality with which most social media sites seem to be running these days.

Social media platforms really need to up their game when it comes to protecting user security and privacy. It is their responsibility as collectors of data. One good step in the right direction would be to take all bug reports as seriously as possible, no matter how trivial they might seem.

Twitter warned of phone country code leak 2 years ago — but did nothing, security researcher informs
Image: Anushree Fadnavis / Reuters

Read Next: What Apple, Amazon, Google, Facebook, Microsoft and Twitter Know About You (Infographic)

No comments:

Post a Comment