Update: Your Twitter Account is Still in Jeopardy

Huge Security Hole Uncovered

Update: There is now a video up on Dave Naylor’s blog about the Twitter exploit, which I have embedded below. Meanwhile, Twitter has yet to respond to the issue via either the Official Twitter Blog or the Twitter Status Blog. They were kind enough to post a Ryan Seacrest video however.

Original Article: James Slater, writing on UK search marketer Dave Naylor’s blog, uncovered a huge security issue with Twitter, and that issue has yet to be corrected. The skinny of it is if you tweet through Twitter.com, you may be putting your account in jeopardy.

According to Slater (and the issue has been acknowledged by Twitter, just not fixed), anyone whose tweets you see while you’re logged into Twitter can run code inside your browser and take over your account, which can lead to malware spreading, impersonation, or whatever you can imagine.

That’s not good.

Slater suggests the following steps for prevention:

- If you’re not logged in to Twitter, there’s no opportunity to steal your details or impersonate you; however, malicious code could still send you to other websites or otherwise annoy you, so it doesn’t completely fix the problem.

- Unfollow anyone you don’t know or don’t trust that could be exploiting this. Who’s to say they’re not already stealing your details? If you don’t see their tweets they can’t harm you.

- If you use something other than the Twitter website to view your tweets, you should be fairly safe, though without looking at each one individually it’s hard to be sure. Still, you’re likely to be pretty safe this way.

Slater discovered the problem yesterday, and Twitter responded claiming to have fixed it, but Slater proved them wrong, and Twitter has yet to respond again. No posts yet on the Official Twitter blog about this issue, and not even on the Twitter Status blog. I would imagine that will change as this story is circulated more and more throughout the tech industry.

Hopefully they will have the problem fixed soon, before too many people take advantage of it. More of the technical details about what is happening can be found in Slater’s explanation.
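The bug class described above is a stored cross-site script: text from one user’s tweet is written into the page other users view, so markup in it runs as twitter.com. As an added illustration (not code from the article, from Slater, or from Twitter), here is the difference between rendering a tweet’s raw text and rendering an HTML-escaped version; the tweets are constructed samples and the template is hypothetical.

```javascript
// Added example: a tweet-rendering template in its vulnerable and hardened
// forms. The sample tweets and the template are constructed for this demo.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Replace every character that can open or close markup so the browser
// treats the text as literal characters, never as tags or attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable: the tweet text is spliced into the markup unchanged, so any
// tag inside it becomes part of the page and executes in the site's origin.
function renderTweetUnsafe(tweet) {
  return `<p class="tweet"><b>@${tweet.user}</b>: ${tweet.text}</p>`;
}

// Hardened: every untrusted field is escaped before it reaches the markup.
function renderTweetSafe(tweet) {
  return `<p class="tweet"><b>@${escapeHtml(tweet.user)}</b>: ${escapeHtml(tweet.text)}</p>`;
}

// Simple check: does the rendered markup contain any tag the template
// itself did not emit? Only <p>, </p>, <b> and </b> are expected.
function containsForeignTag(html) {
  const allowed = new Set(["p", "/p", "b", "/b"]);
  const tags = [...html.matchAll(/<\s*(\/?[a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowed.has(t));
}

// Constructed sample tweets: one ordinary, one carrying a script tag.
const SAMPLE_TWEETS = [
  { user: "alice", text: "Just had coffee & cake :)" },
  { user: "mallory", text: "<script>alert(1)</script>" },
];

// Render each sample both ways and report whether foreign markup survived.
function demo() {
  return SAMPLE_TWEETS.map((t) => ({
    user: t.user,
    unsafeHasForeignTag: containsForeignTag(renderTweetUnsafe(t)),
    safeHasForeignTag: containsForeignTag(renderTweetSafe(t)),
  }));
}
```

Escaping on output is the fix; marking the session cookie HttpOnly limits what an injected script can read but does not stop it from acting as the logged-in user, so it is a complement, not a substitute.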

  • http://blog.hichamaged.net/ Hicham Maged

    I just wonder whether this alarm can accelerate the process of acquisition of ‘Twitter’ by any company for the sake of improving security and funding?!

  • http://www.LAokay.com Steve

    I think the most common attack we can expect is people clicking on a link in a tweet and being fooled into thinking they’re back on a Twitter page, but somehow logged out, and then they put in their user name and password in what looks exactly like a Twitter login page, and then their account is stolen because they gave their credentials up.

    Always check to make sure you see www.twitter.com in the url before you enter your credentials for logging into twitter, or that at least the root domain name is twitter.com.

    It’s a lame low tech way to hack an account, but it worked on a few of my friends on myspace.com because they weren’t paying attention.

    • http://www.scriptbloggers.com Soroush

      I think the security risk reported here isn’t about spoofed URLs. I believe it is JavaScript injection, which means I can put JavaScript code as my tweet, and anyone who is following me will see my message, which in this case is a piece of code, and it will get launched just by their logging into their account (Twitter publishes my tweets on their page because they are following me) without any input from them, because JavaScript is native to most browsers. Then, since the domain is still twitter.com, that piece of code has access to all the cookies Twitter has set on your machine, one of which is your authentication cookie. As said in the article, if you want to be on the safe side, do not log into your account till the problem is resolved.

  • http://www.dotCOMReport.com DotCOMReport

    Twitter’s number one concern should be keeping their users safe from security breaches. Hopefully they will get on the ball and fix it.

  • http://www.bikeshopcastlehill.com.au Home Solar Power Systems

    Shocking news!! Hope that Twitter will never, ever repeat this again

  • http://www.silver-artz.co.uk Lesley

    Just logged into my Twitter account this morning to be greeted by about 20 new followers all tweeting the same thing: “How is it? , ok this one is safe for work”. All from females which I can only assume are porn related. I am not even going to check what this is all about. How can Twitter let this happen? Do they even monitor members? They need to sort themselves out!
