Update: Your Twitter Account is Still in Jeopardy
Update: There is now a video up on Dave Naylor’s blog about the Twitter exploit, which I have embedded below. Meanwhile, Twitter has yet to respond to the issue via either the Official Twitter Blog or the Twitter Status Blog. They were kind enough to post a Ryan Seacrest video however.
Original Article: James Slater, writing on UK search marketer Dave Naylor’s blog, uncovered a huge security issue with Twitter, and that issue has yet to be corrected. The skinny of it is if you tweet through Twitter.com, you may be putting your account in jeopardy.
According to Slater (and the issue has been acknowledge by Twitter, just not fixed), anyone who simply sees your tweets from when you’re logged into Twitter, can run some code inside your browser and take over your account, which can lead to malware spreading, impersonation, or whatever you can imagine.
That’s not good.
Slater suggests the following steps for prevention:
– If you’re not logged in to Twitter, there’s no opportunity to steal your details or impersonate you, however malicious code could still send you to other websites or otherwise annoy you, so it doesn’t completely fix the problem.
– Unfollow anyone you don’t know or don’t trust that could be exploiting this. Who’s to say they’re not already stealing your details? If you don’t see their tweets they can’t harm you.
– If you use something other than the Twitter website to view your tweets, you should be fairly safe, though without looking at each one individually it’s hard to be sure. Still, you’re likely to be pretty safe this way.
Slater discovered the problem yesterday, and Twitter responded claiming to have fixed it, but Slater proved them wrong, and Twitter has yet to respond again. No posts yet on the Official Twitter blog about this issue, and not even on the Twitter Status blog. I would imagine that will change as this story is circulated more and more throughout the tech industry.
Hopefully they will have the problem fixed soon, before too many people take advantage of it. More of the technical details about what is happening can be found in Slater’s explanation.