A Twitter attack caused thousands of people’s accounts to retweet a single message this week.
But this was apparently only if the original tweet that started the trouble was viewed through TweetDeck, a popular application used to manage Twitter accounts.
The tweet contained a code that exploited a bug in TweetDeck in turn setting off the spontaneous retweets. That code appears in the tweet below:
<script class=”xss”>$(‘.xss’).parents().eq(1).find(‘a’).eq(1).click();$(‘[data-action=retweet]’).click();alert(‘XSS in Tweetdeck’)</script>?
— *andy (@derGeruhn) June 11, 2014
Don’t worry, though. The bug in TweetDeck has apparently since been fixed. So this code should no longer affect Twitter accounts, even if it is viewed through your version of TweetDeck.
Cross-Site Scripting Attack
The incident was the result of a cross-site scripting attack. The attack exploited a vulnerability allowing an outside user to inject a malicious code into the system.
The code was designed to take over, at least temporarily, active “sessions” on Twitter. The more often the coded message was retweeted, the more Twitter users were affected.
At last estimate, at least 87,000 Twitter accounts had been touched by the attack, reports Ars Technica. TweetDeck finally shut its service down to address the issue.
We’ve temporarily taken TweetDeck services down to assess today’s earlier security issue. We’ll update when services are back up. — TweetDeck (@TweetDeck) June 11, 2014
Within an hour, the TweetDeck team reported they had fixed the problem and returned the system to normal.
19-Year-Old Could Be Unintentionally Responsible
The Twitter attack was apparently unintentionally initiated by a 19-year-old from Austria. Using only the names Florian or Firo when chatting with CNN on Twitter, he said he had accidentally discovered the vulnerability.
But while he was trying to warn Twitter, he said others in the online hacker community noticed his communication and used the vulnerability to attack the site.
Twitter trouble image via shutterstock
More in: Twitter