Twitter shuts down TweetDeck after XSS bug hack

The social media site took down its service after it started re-tweeting messages with malicious computer code.
By Ananth Baliga  |  June 11, 2014 at 4:15 PM

SAN FRANCISCO, June 11 (UPI) -- Twitter temporarily shut down its TweetDeck program for an hour Wednesday after it was hacked through an XSS bug that could have left user accounts vulnerable.

Users who logged in during the hack saw odd pop-up messages on their screens, and the service was randomly re-tweeting messages that possibly contained malicious computer code. This came after Twitter pushed a fix for a security hole earlier in the day, which did not work.

"A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix," tweeted the company.

An hour later the site was taken down as many users had logged out and logged back in but still faced the same problems. Details of the technical snag are unknown and security experts believe it was a malicious hack.

"That doesn't mean you should rest on your laurels -- after all, information about how to exploit the flaw is out there, and it is easy to imagine how someone could take advantage of it with malicious purposes," security expert Graham Cluley wrote in a blog post.

"Tweetdeck appears to have jumped on this issue and patched it, but we're still seeing it spread like wildfire through Twitter," said Trey Ford, an expert at Rapid7, a security firm based in Boston.

Initially it was reported that the vulnerability affected only the social media site's desktop app running on Google Chrome, but users across other platforms also reported the same issues.

TweetDeck is a free platform available on desktop computers, iPhone, Google's Android devices and the Google Chrome browser that lets users manage their Twitter streams and offers a more friendly view of Twitter feeds.
