Tweetdeck’s vulnerability episode: we’ve been hit, too


About an hour ago, we had quite an episode with Tweetdeck, which is used by all the big media companies, such as the NYTimes, to manage their Twitter accounts. A new vulnerability in Tweetdeck allowed attackers to remotely execute JavaScript code and cause mayhem. Thankfully, the episode had a happy ending, with the Tweetdeck team swiftly solving the issue.

How much mayhem did this vulnerability cause in that brief time? Thankfully, nothing hardcore – compromised accounts simply retweeted a few lines of code, setting off the same reaction in any account that was monitoring them at the time. Quite a few major accounts all over the world appear to have been hit, including our own humble Twitter handle. Our experience with it varied – it could be as simple as an annoying pop-up window saying “Yo!”, or a window that appears and then causes your entire PC to crash.


After the vulnerability was discovered, Twitter originally reported that the issue was fixed by simply logging out and logging back in. However, a few minutes later, Tweetdeck services went down in order to properly assess the vulnerability. We are guessing this was because the vulnerability was still active, since we got hit even after Twitter’s announcement.

It was just announced that the Tweetdeck team has finished their assessment, which shows that the fix has worked and the app is back online. All’s well that ends well: kudos to the Tweetdeck team for a swift response.



