Thousands of Twitter accounts were affected earlier today by hackers taking advantage of a security flaw in the popular micro-blogging website. By exploiting the “onMouseOver” JavaScript function, malicious coders discovered that they could make messages and third party websites pop up when users hovered their cursors over certain links. This type of bug is particularly nasty because users don’t even have to click on the dodgy links to activate them.The reason the virus spread so incredibly quickly? It was self-replicating: the links automatically re-tweeted themselves when activated, publishing them to all the users following an infected account.
In their coverage of the attack, the BBC named Sarah Brown, the wife of the former Prime Minister, as one of the victims. Here at Organic Development, Ross was the first to notice that something was amiss:
“I logged into my Twitter account and noticed a lot of people were re-tweeting a link which concealed who originally tweeted it. When I hovered over the link, my screen went black so I couldn’t interact with my Twitter at all.”
Third party tweeting websites such as TweetDeck and HootSuite were not affected.
A few hours ago, Twitter announced: “The XSS attack should now be fully patched and no longer exploitable. Thanks, those reporting it.” However, it remains to be seen whether or not this is the last time Twitter gets infected.
Comments (0)