Paradigm researcher samczsun issued a warning on X (formerly Twitter), stating that there is a serious vulnerability on the platform. This vulnerability allows hackers to take full control of a user’s account by simply tricking them into clicking a link, enabling them to post, retweet, like, block, etc. (but not change the password).
samczsun recommended that, until the issue is officially resolved, users protect themselves by installing a content-blocking browser extension such as uBlock Origin. Because mobile browsers cannot install extensions, samczsun added that those who usually access X from a mobile browser should consider using the app instead or temporarily avoiding the platform.
Update as of 13:01 on December 13, 2023:
Paradigm researcher samczsun has confirmed that the security vulnerability on the X platform reported earlier has been fixed. The technical summary samczsun shared reads: “Reflected XSS (Cross-Site Scripting) and CORS/CSP bypass in Twitter subdomains allow locally authenticated users to make arbitrary requests to the Twitter API.”
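The summary describes a chain of two weaknesses: input reflected into a page unescaped, and cross-origin policy loose enough that script running on one subdomain can call the API with the user's session. The following is an added illustration, not code from X or from samczsun's report, showing the server-side controls that break each link; the `example.com` origins are placeholders.

```javascript
// Added example (not from the original report). Two defensive controls:
// 1) escape reflected input so it cannot become markup or script;
// 2) grant credentialed CORS only to an exact-match origin allowlist.
// Origins below are placeholders, not real X/Twitter hosts.

// Escape the five characters that let text break out of an HTML context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Unsafe pattern: the query parameter is reflected verbatim (reflected XSS).
function renderUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the same page with the reflected value escaped.
function renderSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Exact-match allowlist. A suffix check such as /\.example\.com$/ or a
// wildcard would extend trust to every subdomain, which is what lets an XSS
// on one subdomain reach the API with the victim's credentials.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

function corsHeadersFor(origin) {
  // No headers at all: the browser refuses to expose the response to the caller.
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// A CSP without 'unsafe-inline' blocks an inline <script> injected through a
// missed escape, so the reflected payload does not run even if (1) fails.
const CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

function securityHeaders(origin) {
  return { "Content-Security-Policy": CSP, ...corsHeadersFor(origin) };
}

// Constructed input for a stand-alone run.
const sample = "</p><script>x()</script>";
console.log(renderUnsafe(sample));
console.log(renderSafe(sample));
console.log(securityHeaders("https://evil.example.com"));
```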