
Major Security Flaw Discovered (and Exploited) on Twitter

Twitter Fixing the Issue, But Has to Roll Out Patch


Update: Twitter has addressed the issue on the main company blog:

The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed. 

The longer version of the story can be read on the blog.

Original Article: A security flaw on Twitter.com has been exposed which lets users post onMouseOver JavaScript code that makes content pop up right on the site.
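The bug class behind this, as an added illustration that is not from the article and is not Twitter's code: user-controlled text dropped into page markup without escaping for the context it lands in, beside the escaped version, plus a parser-based scan for inline event handlers in rendered or stored markup. The function names, the `data-user` attribute and the two sample inputs are constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed test inputs (not real tweets or accounts): one carries an inline
# handler in the text body, the other breaks out of an attribute value.
SAMPLE_TWEET = 'check this out <span onmouseover="alert(\'xss\')">hover</span>'
SAMPLE_USER = 'alice" onmouseover="alert(1)'


def render_tweet_vulnerable(text: str, user: str) -> str:
    """Builds tweet markup by concatenation with no escaping: whatever the
    author typed becomes live markup in every viewer's browser."""
    return '<div class="tweet" data-user="' + user + '">' + text + '</div>'


def render_tweet_hardened(text: str, user: str) -> str:
    """Escapes each user-controlled value for its context. quote=True also
    escapes quotes, which is what keeps a value inside its attribute."""
    safe_text = html.escape(text, quote=True)
    safe_user = html.escape(user, quote=True)
    return '<div class="tweet" data-user="' + safe_user + '">' + safe_text + '</div>'


class _EventHandlerFinder(HTMLParser):
    """Collects (tag, attribute, value) for every on* attribute the parser
    actually sees as an attribute, so escaped text does not trigger it."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.findings.append((tag, name, value or ""))


def find_inline_event_handlers(markup: str) -> list[tuple[str, str, str]]:
    """Detection helper for stored content or rendered output: returns the
    inline event handlers a browser would parse out of the markup."""
    finder = _EventHandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    print(find_inline_event_handlers(render_tweet_vulnerable(SAMPLE_TWEET, "alice")))
    print(find_inline_event_handlers(render_tweet_hardened(SAMPLE_TWEET, "alice")))
```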

"Messages are also spreading virally exploiting the vulnerability without the consent of users," says security expert Graham Cluley at Sophos. "Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister."

Brown’s account was displaying a Japanese porn site. "That’s obviously bad news for her followers – over one million of them," says Cluley, who created the following video about the flaw:

A post on the Twitter status blog, from 12 minutes ago, indicates they have things under control. "We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit," it says.  

Twitter still has to roll the patch out, though, and that could take a while to complete. The blog will be updated when the roll-out is finished.

  • Bernd (http://gnampf.blogspot.com/):

    The massive use of JavaScript for #NewTwitter may have played a decisive role.
