Twitter Cuts Widget Feature Due to Account Hijacking Fears

Twitter has disabled a widget based on Adobe’s Flash Player after a security analyst notified the micro-blogging site of a weakness that left account login details exposed to hackers.

The security scare follows Twitter banning the use of 370 passwords that were deemed too obvious for hackers to crack.

The Flash-based widget was widely used by people wanting to display their tweets on their own websites.

Users of similar javascript widgets are unaffected by the security risk, with Twitter recommending Flash users make the switch as an alternative option.

“We’ve been notified about a vulnerability in our Flash widget and out of an abundance of caution we’ve disabled access as we assess the situation,” Twitter’s staff said in a status update.

Despite this action, the configuration error reportedly stems from a basic programming mistake back in 2006.

Mike Bailey, a senior security analyst with US-based company Foreground Security, said that the problem exploits a widely known vulnerability in the Adobe Systems Flash programming language.

“This is not Adobe’s fault,” Mr Bailey said.

“This is due to the fact that a lot of really bad programmers are coding Flash objects. I’ve seen literally hundreds of these things across the web.”

Adobe had previously released instructions to programmers on how to avoid the flaw. However, many people have failed to follow these recommendations, resulting in thousands of websites being affected by buggy Flash files.

At present, no known Twitter accounts have been affected by the vulnerability, but Mr Bailey said that if hackers had exploited the flaw, “it would be impossible to know.”

Have you been affected by a Twitter security breach? Leave us a comment and let us know.

This post was written by:

- who has written 489 posts on UK Gadget and Tech News, Reviews and Shopping.

I love shiny things with flashing lights except furbys.


Leave a Reply

Security Code: