
"Thermonuclear"-level vulnerability hits Twitter—can hackers take control of your account?
TechFlow Selected TechFlow Selected

"Thermonuclear"-level vulnerability hits Twitter—can hackers take control of your account?
How to prevent it? If you come across an extremely long link on X (formerly Twitter), don't click it! If you不幸 fall victim, immediately change your password.
Authors: shingle, Frank, Foresight News
Latest update: Paradigm researcher samczsun has tweeted again stating that the Twitter vulnerability has been fixed. The technical summary indicates that a reflected XSS and CORS/CSP bypass in a Twitter subdomain allowed arbitrary requests to the Twitter API as an authenticated local user.
Original report: This morning, Chaofan Shou, a Ph.D. student at UC Berkeley, disclosed via Twitter that a previously unpatched vulnerability exists in Twitter. Subsequently, Paradigm researcher samczsun referenced Chaofan Shou’s findings, noting that if a user clicks on a malicious link prepared by an attacker, the attacker could gain full access to the user's Twitter account—including the ability to post tweets, retweet, like, block accounts, and more.

At the time of writing, Twitter has not issued an official statement regarding this issue. Foresight News provides a brief analysis below of the attack mechanism behind this vulnerability, along with security guidance and preventive measures for general users.
Vulnerability Attack Mechanism
The exposed vulnerability in Twitter is an XSS (cross-site scripting) attack, specifically a type of code injection attack—attackers can pre-construct website links containing malicious code; once clicked by a user, the malicious code executes within the webpage.
In the example provided, the malicious code is executed after being base64-encoded, ultimately running alert('XSS PoC here').
When a user visits such a malicious link, the browser executes the script, resulting in a pop-up displaying the string:

How Can Users Protect Themselves?
Since these malicious scripts must be embedded directly into URLs, the resulting links tend to be unusually long.
Therefore, users should avoid clicking extremely long links while browsing Twitter. If you still wish to view the content, copy the link and open it in your browser’s private/incognito mode.
In short, never click suspicious long links in a browser where you are logged into your Twitter account.

If you accidentally fall victim to such an attack, immediately change your Twitter password. The most valuable asset for attackers in this scenario is your Twitter auth_token, and changing your password will invalidate any existing auth_tokens.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










