Twitter turns off Tweetdeck to ‘assess’ JavaScript security breach

If you’re a Tweetdeck user and can’t login right now — there’s a reason. The service’s webapp contained a vulnerability that let it run scripts embedded in tweets; just reading a tweet could cause a popup to appear on your screen, redirect you to another website, hijack your account or even cause you to retweet something without knowing. Since Tweetdeck is used by many of the social media managers for widely-followed accounts, a flaw that spreads itself could quickly replicate across the service.The official Tweetdeck account claimed the vulnerability was fixed earlier, but that doesn’t appear to have worked, and as a result, Twitter has taken the service down “to assess today’s earlier security issue.” Even though you can’t login right now, it would probably be a good idea to revoke the service’s access to your account entirely until things are resolved.

[Image credit: Simon Dawson/Bloomberg via Getty Images]

We’ve temporarily taken TweetDeck services down to assess today’s earlier security issue. We’ll update when services are back up.

– TweetDeck (@TweetDeck) June 11, 2014

Oh dear. That Tweetdeck XSS vulnerability is RT-ing stuff… its just hit @BBCBreaking! pic.twitter.com/8siffmsFxi

– Matt Navarra (@MattNavarraUK) June 11, 2014

@astroehlein tweetdeck is not stripping out dangerous scripting code from tweets. So you can run JavaScript in the context of another user

– Chris Williams (@diodesign) June 11, 2014

Filed under: Internet

Comments

Source: Tweetdeck (Twitter)