Tweetdeck offline after Twitter XSS attack
Tweetdeck announced (on Twitter, naturally) that it has temporarily taken its services down “to assess today’s earlier security issue.”
The security issue in question is a cross-site scripting (or XSS) attack that let the creative hacker take control of someone’s Tweetdeck remotely.
Creative, because they would have to fit whatever embarrassing and/or security-compromising command they wanted you to execute into 140 characters or fewer.
Initially, Tweetdeck told users that the security issue had been fixed “this morning” (Pacific time, presumably) and that they should log out and log back in.
However, a number of users on the various platforms supported by Tweetdeck reported still being vulnerable to the attacks, even after turning it off and back on again.
Among the attacks circulating on the social network was a script that would retweet itself and post a heart:
Others popped up alert boxes that contained helpful messages such as, “Revoke TweetDeck’s Twitter access now!”
There were also less helpful alert messages (via Andreas Lindh):
The Tweetdeck team promised to update users when services are back up.
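To illustrate the class of bug described in this article, the following added example (not Tweetdeck's code and not part of the original article) contrasts a hypothetical renderer that concatenates tweet text into HTML with one that encodes it first. The function names and the sample tweet are constructed for illustration.

```javascript
// Constructed sample tweet, modelled on the alert-box messages described above.
const SAMPLE_TWEET =
  '<script>alert("Revoke TweetDeck\'s Twitter access now!")</script> \u2665';

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can change the parsing context in HTML text
// or in a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical vulnerable renderer: the tweet text is concatenated into the
// markup as-is, so any tags the tweet's author typed become part of the page.
function renderTweetUnsafe(author, text) {
  return '<div class="tweet"><b>' + author + '</b> ' + text + '</div>';
}

// Hardened renderer: every untrusted field is encoded before it reaches the
// HTML parser, so the same tweet is displayed as literal characters.
function renderTweetSafe(author, text) {
  return '<div class="tweet"><b>' + escapeHtml(author) + '</b> ' +
    escapeHtml(text) + '</div>';
}

// Crude check used only to compare the two outputs in this example:
// does the rendered HTML still contain an unencoded <script> tag?
function hasLiveScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Render the constructed tweet both ways and report what survives.
function compareRenderers() {
  return {
    fitsInTweet: SAMPLE_TWEET.length <= 140,
    unsafeHasScript: hasLiveScriptTag(renderTweetUnsafe('example_user', SAMPLE_TWEET)),
    safeHasScript: hasLiveScriptTag(renderTweetSafe('example_user', SAMPLE_TWEET)),
  };
}

console.log(compareRenderers());
```

In a browser client the same effect is achieved by assigning untrusted text to `textContent` rather than building HTML strings.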

