Security Alert: Word Press Plugin Leaks Access TokensDamien Moye
So WordPress, the popular blogging forum, has a plugin. A plugin is something you can add to any IT support system to make it better. But one plugin suffers a severe setback. This is a security alert: Word Press plugin leaks access tokens.
So the name of the plugin is Social Network Tabs. Like most websites nowadays, they use access tokens. Access tokens securely holds your login and password info to your and only your device. This is good for those of us who can’t remember every password of every sit. So I’m assuming that’s the majority of us. However, French security expert Elliot Alderson found a venerable spot.
Alerson tested 539 websites with the troubling plugin by using code search engines. Then, he wrote a script that let him access 400 Twitter accounts. Then he used those accounts to ‘favor’ a tweet literally a hundred times over. Sounds complicated? Well, this test proved that with this manipulations, a hacker can take over these Twitter accounts. Some of his tests include a sheriff’s office in Florida and an Oklahoma casino, among others. Twitter responded. They advised Twitter users to stop using Social Network Tabs and change their passwords ASAP. They also removed this plugin from their IT service system.
Yes, Word Press plugin leaks access tokens. But let me be clear. As far as I know, nobody has reported any major theft, hacking, or any other damage because of this. However, in this day and age, we need to be informed of any threats that may come through. So take Twitter’s advice. Leave Social Network Tabs, change your passwords, and if you can, memorize your passwords so you don’t even have to use access tokens. It’s also good to change your password once in a while. I know it’s a chore and quiescence, but what’s the alternative?