Explainer: How Tweetdeck made a balls of things in 12 easy steps
YESTERDAY TWEETDECK WAS shut down for a time after a major security flaw was discovered.
Users of the Twitter client (which is owned by Twitter) began seeing random pop-up windows and retweets on their accounts, and a shout went out across the internet:
Wrong!
Tweetdeck wasn’t hacked. It just made a balls of things. Here’s how…
1. A guy in Austria decided to tweet a cute little emoticon
A heart emoticon to be precise.
His name is @Firoxl and he successfully tweeted the heart using HTML code.
2. So what’s the big deal?
@Firoxl had exposed a flaw in the system. He had discovered that, using code, anyone could insert computer programme commands via a Tweetdeck tweet.
The flaw is called cross-site scripting and it’s always been possible to do it in Tweetdeck, just not enough people ever noticed before.
Tweetdeck made a balls of things.
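What that flaw looks like in code, as an added example (this is not Tweetdeck's code, which the article does not show): a renderer that pastes tweet text straight into the page's HTML, next to one that escapes it first. The function names are hypothetical and the sample tweets are constructed for illustration.

```javascript
// Constructed sample tweets (not the real tweets from the incident).
const SAMPLE_TWEETS = [
  "Good morning &hearts;",                      // HTML entity: shows as a heart if unescaped
  "<script>/* code placed here would run */</script> hi", // markup typed into a tweet
  "2 < 3 && 5 > 4",                             // ordinary text that merely contains < & >
];

// Vulnerable pattern: the tweet is concatenated into HTML unchanged, so the
// browser parses whatever markup the tweet's author typed.
function renderTweetUnsafe(text) {
  return '<p class="tweet">' + text + "</p>";
}

// Escape the characters that let text turn into markup. "&" is included so
// that entities such as &hearts; are displayed literally, not decoded.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: the tweet can only ever be displayed as text.
function renderTweetSafe(text) {
  return '<p class="tweet">' + escapeHtml(text) + "</p>";
}

// Review helper: after rendering, does the tweet body still contain a tag or
// an entity that the browser would interpret rather than display?
function hasInterpretedMarkup(html) {
  const body = html.replace(/^<p class="tweet">/, "").replace(/<\/p>$/, "");
  const rest = body.replace(/&(amp|lt|gt|quot|#39);/g, ""); // drop our own escapes
  return /<[a-zA-Z\/!]/.test(rest) || /&#?\w+;/.test(rest);
}

// Run both renderers over a list of tweets and report which output is live.
function audit(tweets) {
  return tweets.map((tweet) => ({
    tweet,
    unsafeIsLive: hasInterpretedMarkup(renderTweetUnsafe(tweet)),
    safeIsLive: hasInterpretedMarkup(renderTweetSafe(tweet)),
  }));
}

console.log(audit(SAMPLE_TWEETS));
```

A heart appearing where a tweet's author typed an HTML entity is the harmless sign of the same missing escaping step that lets a script tag run.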
3. @Firoxl did the responsible thing
He told Tweetdeck and Twitter, and thousands of other people. As CNN reports, he tweeted:
The hacker community soon caught on. Step in *Andy.
4. Who?
*Andy (@derGeruhn on Twitter) caught on to the Tweetdeck vulnerability and tweeted this out:
His tweet contained code which ordered it to be retweeted by other accounts (including yours truly’s account) and so the mayhem began.
5. And why did people see odd pop ups?
The cross-site scripting flaw discovered by @Firoxl meant that any cheeky divil exploiting the flaw could cause pop-ups to appear. While *Andy’s message was the most prevalent in terms of automatic retweets, other people saw things like:
6. Some pretty big accounts were affected
Like BBC News, with its 10.1 million followers.
7. Tweetdeck soon copped on
8. And so did everyone else
9. And soon people began copping on to Tweetdeck’s big boo-boo, and taking the pi**
10. Tweetdeck fixed everything and said sorry
11. *Andy gained a whole heap of followers
12. And you don’t need to change your Tweetdeck password
Just log in and log out again to make sure the update is in place.