A flaw in Twitter’s website has left the login credentials of its users vulnerable to hackers, according to a security researcher who has asked the social media company to fix the problem.
Mike Bailey, a senior security analyst with Foreground Security of Orlando, Fl., said he discovered the problem, which exploits a widely known vulnerability in Adobe Systems’s Flash programing language.
Bailey said he informed Twitter of the flaw and it could take as little as a few hours to fix by changing the way the site is programed.
Adobe (NASDAQ: ADBE) has told programmers how to address the vulnerability, which was first discovered in 2006, he added, but noted the operators of many websites have failed to respond to the warnings from Adobe.
As the microblogging site’s popularity has grown, it has become a prime target for hackers looking to spread malicious software to Twitter’s millions of users.
“As simple as the attack is, I’ve been finding them all over the place,” Bailey said.
Officials with Twitter and Adobe could not be reached for comment.
A hacker last month briefly hijacked the Twitter site and redirected it to one that claimed to represent a group calling itself the Iranian Cyber Army. That high-profile attack — by a perpetrator who stole credentials to the account that Twitter uses to route its traffic — did not compromise credentials of any Twitter users.
Bailey said his analysis of the Twitter site showed that it could have been vulnerable to attacks for more than a year, but that it was impossible to know whether hackers had actually exploited the Adobe flaw.
He is scheduled to discuss his research on the Twitter flaw at the Black Hat D.C. security research conference in Washington, which begins on Feb. 2.