Bad news for Twitter fans: a vulnerability in TweetDeck has left the popular Twitter service at risk of being hacked. Here’s what you need to know to stay safe.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.
— TweetDeck (@TweetDeck) June 11, 2014
UPDATE: TweetDeck claims the vulnerability has been patched. We recommend waiting for a third party to confirm this claim, since TweetDeck erroneously claimed earlier today that the problem had been fixed.
UPDATE 2: USA Today confirms the issue has been dealt with. The Verge suggests the cause of the issue may possibly be an Austrian teenager. If involved, the teen is believed to have triggered the issue by accident.
— Gizmodo (@Gizmodo) June 11, 2014
The Verge notes:
Vox has a great breakdown of how, exactly, this vulnerability works. It reads, in part:
2. TweetDeck Vulnerability Reported Across Multiple Platforms
TweetDeck Taken Down To Assess XSS Vulnerability pic.twitter.com/25dUDA7VtG
— Soniasuponia (@Soniasuponia) June 11, 2014
Gizmodo notes that users of the Chrome, Windows, and Firefox versions of TweetDeck have all reported issues.
The issue had briefly been believed to be solved earlier this afternoon, simply by logging out and then logging back in. However, Gizmodo notes: “We’re having mixed results with the ‘log out and then log back in’ fix, and still seeing a few pop-ups here and there on different machines. If you want to be safe, it’s probably best to stay logged out for a big longer, especially if you run across any pop ups.”
TIME writes that safe alternatives to TweetDeck include Twitter’s own website and HootSuite.
3. TweetDeck Bug Causing Tens of Thousands of Odd Retweets
<script class="xss">$('.xss').parents().eq(1).find('a').eq(1).click();$('[data-action=retweet]').click();alert('XSS in Tweetdeck')</script>♥
— *andy (@derGeruhn) June 11, 2014
Business Insider notes that the TweetDeck bug has caused the tweet above to be retweeted over 37,000 times. Many other disgruntled TweetDeck users have taken to Twitter to apologize for spam or complain about retweets being credited to them that they didn’t actually retweet.
4. Most Tech Insiders Recommend Disabling TweetDeck For Now
Out of muscle memory I have tried to re-open Tweetdeck approximately elevenity-billion times in the last ten minutes.
— Donna Dickens (@MildlyAmused) June 11, 2014
The team at TheNextWeb writes that the best course of action for TweetDeck users is to revoke the platform’s access to your Twitter credentials immediately, and say out of the service until the problem is confirmed to be resolved.
5. TweetDeck Was Taken Down in Order to Deal With the Problem
— Julie Twinkle (@DJJulieTwinkle) June 11, 2014
TweetDeck has been taken down in order for the developers to fully deal with the vulnerability issue.
The Guardian writes:
“Theoretically, such flaws can be used to take over accounts, post tweets, unfollow and follow people, and more.
Twitter itself suffered a similar vulnerability in September 2010 that proved embarrassing after it was discovered by an Australian teenager.
Tweetdeck was originally a British company, and was acquired by Twitter for about £25m ($40m) in May 2011.”