Twitter Subscriptions Information Disclosure
Medium
X (Formerly Twitter)
Team Summary
Official summary from X (Formerly Twitter)
Any user could read a target user’s "Subscriber-Only" Tweet, which may also include attached images, without being a subscriber to the user’s profile.
Reported by
mirhat
Vulnerability Details
Technical details and impact analysis
**Summary:**
Hi team,
I was scrolling on Twitter, connected from a US location, and a Tweet appeared on my timeline; I couldn't see the tweet because it is only visible to subscribers. However, I was able to extract the images from that tweet even though I'm not a subscriber.
**Description:**
A subscriber-only tweet of MrBeast appeared on my timeline (which I can't see).
{F2487967}
Clicking on the quotes button revealed the images and the tweet content which should be invisible to me.
**Steps To Reproduce:**
1. Go to https://twitter.com/MrBeast/status/1678121172196630531
2. Ensure that you are not a subscriber and therefore cannot see the tweet
3. Click on the quotes button and see the tweet and images
## Supporting Material/References:
POC video:
████
## Impact
Information disclosure
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Information Disclosure