Twisted Twitterers: TweetDeck is Hacked

Twitter shut down its popular TweetDeck application Wednesday after a code fix that was supposed to plug a security vulnerability failed.

The company issued a notice saying "We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up."

Earlier in the day Twitter pushed out a code fix that was supposed to close the security hole but did not.

At that point the company tweeted out "A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix."

Less than thirty minutes later, the site was taken down.

TweetDeck is a social media dashboard application that allows users to manage multiple Twitter streams at once.

The vulnerability allows attackers to place computer code in a tweet which, once displayed inside TweetDeck, runs actions and is retweeted to other accounts.

The vulnerability appears to have affected only the app's desktop program that runs inside Google's Chrome browser.

As the script activated within TweetDeck's plugin, it would retweet itself. Any followers also using TweetDeck inside Chrome then auto-triggered the same retweet, sending the message verbatim to their own followers. The script also popped up a message showing "XSS in Tweetdeck", rather like the hacker thumbing their nose at Twitter and TweetDeck.
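The class of bug described above, script in a tweet running once a client displays it, comes down to how untrusted tweet text is turned into markup. The following is an added illustration, not TweetDeck's code: the function names and the sample tweet are hypothetical and constructed, and the only script content is the pop-up text the article mentions.

```javascript
// Added example; renderTweetUnsafe, renderTweetSafe and escapeHtml are hypothetical names.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: tweet text is concatenated into markup, so tags inside it become live elements.
function renderTweetUnsafe(tweet) {
  return `<article class="tweet"><b>@${tweet.user}</b><p>${tweet.text}</p></article>`;
}

// Hardened pattern: escape first, then add the client's own markup (links) on the escaped text.
// Doing it in the other order would escape the client's own <a> tags or let tweet markup through.
function renderTweetSafe(tweet) {
  const body = escapeHtml(tweet.text).replace(
    /\bhttps?:\/\/[^\s<>"']+/g,
    (url) => `<a href="${url}" rel="noopener noreferrer">${url}</a>`
  );
  return `<article class="tweet"><b>@${escapeHtml(tweet.user)}</b><p>${body}</p></article>`;
}

// Constructed sample tweet: markup plus an ordinary link.
const SAMPLE_TWEET = {
  user: "example_user",
  text: '<script>alert("XSS in Tweetdeck")</script> https://example.com/a?b=1&c=2',
};

console.log(renderTweetUnsafe(SAMPLE_TWEET)); // script tag survives as markup
console.log(renderTweetSafe(SAMPLE_TWEET));   // script tag is shown as inert text
```

With the hardened renderer the tweet is displayed as literal text, so nothing executes and there is nothing for a follower's client to re-send.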

