June 11, 2014 7:03 pm

Tweetdeck hacked: Users urged to log out to apply fix


ABOVE: (Jun. 11, 2014) The Twitter dashboard service known as Tweetdeck faced a security breach on Wednesday. As Sean O’Shea reports, thousands of unusual messages were spewed through the service after an Austrian teen says he found a security vulnerability.

TORONTO – TweetDeck users are being urged to log out of their accounts and change their passwords as soon as possible after the social media tool was hacked Wednesday morning.

Story continues below

Users began experiencing strange pop-up messages when using the real-time Twitter tracking tool Wednesday. Affected accounts also re-tweeted a cross-site scripting (XSS) code sent out by the Twitter account @derGeruhn as a result of the vulnerability. That tweet has since been re-tweeted over 38,000 times.

The Global News Twitter account was also affected by the bug.

“A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix,” read a statement tweeted by the official TweetDeck account.

Users are also encouraged to change their Twitter passwords.

TweetDeck appears to have been affected by a XSS vulnerability that would allow an attacker to execute code remotely on your computer by tweeting it out. The vulnerability appears to have mainly affected the TweetDeck for Chrome app, however some users reported experiencing the issue on the TweetDeck website.

TweetDeck temporarily took its services offline Wednesday afternoon to assess the vulnerability. Service has since been restored.

“We’ve verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience,” read a tweet from its account.

User claiming to find the bug says he didn’t mean to hack TweetDeck

The Twitter user claiming responsibility for the hack told CNN Wednesday that he didn’t mean to hack the website.

The Australian teenager, who goes by the name Firo, said he was just experimenting when he discovered using the “♥” symbol in TweetDeck creating an opening in its software. According to CNN, the teen tested it a few times before he got it to create a pop-up on his desktop.

“It wasn’t a hack. It was some sort of accident,” he told CNN via Twitter.

Though the teen said he reported the vulnerability to Twitter right away, other hackers in the community took note of his tweets and shortly after users began reporting the Tweetdeck hack online.

© 2014 Shaw Media

Report an error


Want to discuss? Please read our Commenting Policy first.