TweetDeck temporarily brought down by XSS hack

TweetDeck, a popular organization application for Twitter users, was taken offline Wednesday after hackers hit the service with rapid retweets and strange error messages.

TweetDeck was taken offline on Wednesday after hackers launched an XSS attack. TweetDeck was bought by Twitter for $40 million in 2011.

Popular Twitter organization app TweetDeck was taken offline Wednesday after a hack left users dealing with some confusing messages.

TweetDeck users reported a bug that was retweeting code from fake users. That code then spread the retweeting bug to other users. Other TweetDeck users found strange pop-ups containing messages such as "Yo!" and "Please close now TweetDeck… it is not safe." Major Twitter accounts were affected by the hack, such as BBC Breaking News. One retweet managed to spread 38,000 times in two minutes.

"TweetDeck appears to have jumped on this issue and patched it, but we're still seeing it spread like wildfire through Twitter," says Trey Ford, a security expert at Rapid7, to USA Today.

"This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a "worm" that self-replicates by creating malicious tweets," he adds.

Initially, TweetDeck thought it had patched the security flaw this morning, and asked users to log out and back in to activate the fix. However, as the pop-up messages and retweets continued, TweetDeck eventually shut down.
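
The flaw Ford describes, tweet text being treated as markup instead of as plain text, is illustrated by the added example below, which is not TweetDeck's code. The function names and the sample tweet are constructed for illustration; it contrasts a renderer that concatenates tweet text into HTML with one that encodes the text first and only then adds markup of its own.

```javascript
// Added example: tweet text is untrusted input and must be HTML-encoded
// before it is placed into a page. All names and sample data are constructed.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: tweet text concatenated straight into markup, so any
// tags inside the tweet are parsed by the browser as part of the page.
function renderTweetUnsafe(tweet) {
  return '<p class="tweet">' + tweet.text + "</p>";
}

// Hardened pattern: escape first, then add only markup the renderer generates.
function renderTweetSafe(tweet) {
  const escaped = escapeHtml(tweet.text);
  // Linkify http(s) URLs in the already-escaped text; quotes and angle
  // brackets are entities by now, so the href attribute cannot be closed early.
  const linked = escaped.replace(
    /\bhttps?:\/\/[^\s<>"']+/g,
    (url) => `<a href="${url}" rel="noopener noreferrer">${url}</a>`
  );
  return `<p class="tweet">${linked}</p>`;
}

// Constructed sample: a tweet whose text contains markup and a link.
const sampleTweet = {
  text: '<script>alert("Yo!")</script> see https://example.com/a?b=1&c=2',
};

console.log("unsafe:", renderTweetUnsafe(sampleTweet));
console.log("safe:  ", renderTweetSafe(sampleTweet));
```
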

"We've temporarily taken TweetDeck services down to assess today's earlier security issue,” the company tweeted. “We'll update when services are back up."

As of 2:00 pm Eastern, the application was still down, but it seemed to be back up shortly afterward.

TweetDeck is a third-party Twitter platform most frequently used by media organizations and social media professionals. The application allows users to monitor Twitter and post from several different accounts at a time.

TweetDeck was founded in 2008 and was one of the first third-party applications on Twitter to find widespread popularity. Twitter bought TweetDeck, originally a British company, in 2011 for $40 million. Twitter has not yet commented on the hack.
