A young British security consultant may have done his career some good by finding a significant bug in Twitter during his spare time. The problem was fixed by Twitter just ahead of its £17 billion flotation last week.
Twenty-year-old Henry Hoggard, a junior security consultant with Basingstoke-based MWR InfoSecurity, found the vulnerability last Sunday (3 November). It allowed him to bypass Twitter's authentication system and gain control of Twitter's own account.
Hoggard told SC Magazine UK the flaw allowed him to “add my mobile number to their Twitter account - effectively allowing me to control it via SMS so I had access to direct messages. I could Tweet from their account if I wanted to.” The bug could have allowed a hacker to take control of other users' accounts. Twitter has around 230 million users worldwide.
Hoggard reported the problem to Twitter, which fixed it within six to seven hours. “They are the best company I have ever dealt with in response to a bug like that,” Hoggard said. A few days later Twitter floated on the New York Stock Exchange.
Hoggard said his spare-time bug-finding “wasn't job related, it was just out of interest”. Asked if the discovery had raised his profile at MWR, he remained grounded: “A few people have said well done,” he said.