Millions Of Users In The Dark When Hijackers Take Down TweetDeck

If you’re an avid user of Twitter’s TweetDeck you may have noticed something was awry this afternoon. The social media site shut down its popular service after discovering users’ account security was at risk.

While the issue has been fixed and TweetDeck is back to running as normal, a “cross-site scripting” vulnerability left millions of users open to account hijacking and other issues Wednesday afternoon, The Guardian reports.

Twitter shut down TweetDeck, a service that provides a web- and app-based interface showing multiple views of different Twitter searchers and users, while the issue was being fixed.

tweet

While most attacks related to the vulnerability simply open warning dialogues on users’ computers, one version created a retweet of itself and spread 38,000 times in two minutes. Another attack changed the font on TweetDeck to Comic Sans.

When the issue was first discovered, the official TweetDeck account claimed the flaw would be fixed if users updated their versions of the program by logged out and then back in to this accounts. However, users continued to report receiving XSS error messages.

Following that failed fix, TweetDeck services were taken down. Now, the issue seems to be fixed and TweetDeck back to running as normal.

The folks over at digg break down just how today’s TweetDeck bug happened by showing how such attacks can be prevented with a few simple defense mechanisms.

Twitter shuts down Tweetdeck after XSS flaw leaves users vulnerable to account hijack [The Guardian]