TweetDeck Briefly Shuts Down in Response to Security Flaw

TweetDeck briefly disabled its service yesterday in response to an XSS (cross-site scripting) vulnerability (h/t Computerworld).

At 9:30am on July 11, 2014, TweetDeck announced, "A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix."

Thirty minutes later, TweetDeck added the following: "We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up."

One hour after that, TweetDeck tweeted, "We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience."

"TweetDeck appears to have jumped on this issue and patched it, but we're still seeing it spread like wildfire throughout Twitter," Rapid7 security strategist Trey Ford said in a statement. "This vulnerability very specifically renders a tweet as code in the browser, allowing various cross-site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a 'worm' that self-replicates by creating malicious tweets."
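The quoted description of a tweet being "rendered as code in the browser" is the textbook shape of a stored XSS bug: text supplied by one user is inserted into another user's page as markup instead of as plain text, so any tag in the message is executed rather than displayed. The JavaScript below is an added example, not TweetDeck's code and not anything from the article; the functions `renderTweetUnsafe`, `renderTweetSafe`, `escapeHtml` and `hasUnexpectedTags` and the sample tweet are hypothetical and constructed for illustration. It shows the unsafe rendering pattern next to its hardened form and a crude check a reviewer could run over rendered output.

```javascript
// Added example (hypothetical; not TweetDeck's code). Demonstrates why
// concatenating untrusted tweet text into markup lets the tweet "run as code",
// and how output encoding keeps it as visible text.

// Minimal HTML entity encoder for untrusted text placed into element content.
// (For attribute, URL or script contexts a different encoder is required.)
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The unsafe pattern: tweet fields are dropped straight into the template, so a
// tag inside the tweet becomes part of the page instead of part of the message.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><b>@${tweet.user}</b>: ${tweet.text}</div>`;
}

// The hardened form: every untrusted field is entity-encoded before insertion.
// The browser then shows "<script>" literally instead of executing it.
function renderTweetSafe(tweet) {
  return `<div class="tweet"><b>@${escapeHtml(tweet.user)}</b>: ${escapeHtml(tweet.text)}</div>`;
}

// Crude review/test check: does the rendered markup contain any tag that the
// template itself does not produce? Only the template's own tags are allowed.
function hasUnexpectedTags(html, allowed = ["div", "b"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9-]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowed.includes(t));
}

// Constructed sample tweet carrying the standard script-tag test string.
const sampleTweet = {
  user: "example_user",
  text: 'Hello <script>alert(1)</script> world',
};

// Returns both renderings so the difference can be inspected or asserted on.
function compareRenderings(tweet = sampleTweet) {
  return {
    unsafe: renderTweetUnsafe(tweet),
    safe: renderTweetSafe(tweet),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const { unsafe, safe } = compareRenderings();
  console.log("unsafe:", unsafe, "-> unexpected tags:", hasUnexpectedTags(unsafe));
  console.log("safe:  ", safe, "-> unexpected tags:", hasUnexpectedTags(safe));
}
```

In a real client the same goal is reached more robustly by never building HTML from strings at all: assign untrusted text with `textContent` or `createTextNode`, and reserve `innerHTML` for markup the application itself generates. Output encoding is context-specific, so the element-content encoder above is not sufficient for text landing inside attributes, URLs or inline scripts.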

Softpedia notes that one message from Twitter user @derGeruhn was automatically retweeted more than 35,000 times.