Dublin: 6 °C Tuesday 4 March, 2025
Advertisement
Trending:

Tags

See other tags

Tags

Explainer: How Tweetdeck made a balls of things in 12 easy steps

It wasn’t hacked. And you don’t need to change your password.

Jun 12th 2014, 9:52 AM 13,910 Views 7 Comments

YESTERDAY TWEETDECK WAS shut down for a time after a major security flaw was discovered.

Users of  the Twitter client (which is owned by Twitter) began seeing random pop up windows and retweets on their accounts, and a shout went out across the internet:

hacked

Wrong!

Tweetdeck wasn’t hacked. It just made a balls of things. Here’s how…

1. A guy in Austria decided to tweet a cute little emoticon

A heart emoticon to be precise.

169px-Heart_corazón.svg

His name is @Firoxl and he successfully tweeted the heart using HTML code.

2. So what’s the big deal?

@Firoxl had exposed a flaw in the system. He had discovered that using code, anyone could insert computer programme demands via a Tweetdeck tweet.

The flaw is called cross -site scripting and it’s always been possible to do it in Tweetdeck, just not enough people ever noticed before.

Tweetdeck made a balls of things.

whoops-3 Source: Thejournal

3. @Firoxl did the responsible thing

He told Tweetdeck and Twitter, and thousands of other people. As CNN reports, he tweeted:

Vulnerability discovered in TweetDeck. \ o /

The hacker community soon caught on. Step in *Andy.

4. Who?

*Andy (@derGeruhn on Twitter) caught on to the Tweetdeck vulnerability and tweeted this out:

andy

His tweet contained code which ordered it to be retweeted by other accounts (including yours truly’s account) and so the mayhem began.

5. And why did people see odd pop ups?

These cross-site scripting flaw discovered by @Firoxl meant that any cheeky divil exploiting the flaw could cause pop-ups to appear. While *Andy’s message was the most prevalent in terms of automatic retweets, other people saw things like:

6. Some pretty big accounts were affected

Like BBC News, with its 10.1 million followers.

bbc Source: @TomScott

7. Tweetdeck soon copped on

8. And so did everyone else

9. And soon people began copping on to Tweetdeck’s big boo-boo, and taking the pi**

10. Tweetdeck fixed everything and said sorry

Forgive-me-GIF Source: Gifsec

11. *Andy gained a whole heap of followers

12. And you don’t need to change your Tweetdeck password

Just log in and log out again to make sure the update is in place.

cheering_minions Source: Reactiongifs

Read: Tweetdeck takes service down after security flaw was discovered>

Apple for dopes: 11 things to know about the new iPhone announcements>

About the author:

About the author
Emer McLysaght
@EmerTheScreamer
emer@dailyedge.ie

Contribute to this story:

Send a Correction

Read next:

COMMENTS (7)

    About Us

    Follow Us

    Corrections

    Policies

    Content copyright © Journal Media Ltd. 2025 Registered in Dublin, registration number: 483623. Registered office: 3rd floor, Latin Hall, Golden Lane, Dublin 8.

    TheJournal.ie supports the work of the Press Council of Ireland and the Office of the Press Ombudsman, and our staff operate within the Code of Practice. You can obtain a copy of the Code, or contact the Council, at www.presscouncil.ie, PH: (01) 6489130, Lo-Call 1890 208 080 or email: info@presscouncil.ie
     

    Please note that TheJournal.ie uses cookies to improve your experience and to provide services and advertising. For more information on cookies please refer to our cookies policy.

    News images provided by Press Association and Photocall Ireland unless otherwise stated. Irish sport images provided by Inpho Photography unless otherwise stated. Wire service provided by Associated Press.

    Journal Media does not control and is not responsible for user created content, posts, comments, submissions or preferences. Users are reminded that they are fully responsible for their own created content and their own posts, comments and submissions and fully and effectively warrant and indemnify Journal Media in relation to such content and their ability to make such content, posts, comments and submissions available. Journal Media does not control and is not responsible for the content of external websites.

    Switch to Mobile Site

    Sites: TheJournal.ie | Noteworthy | The 42 | Boards.ie | Adverts.ie | Daft.ie