TweetDeck Hack: 5 Fast Facts You Need to Know


Bad news for Twitter fans: a vulnerability in TweetDeck has left the popular Twitter service at risk of being hacked. Here’s what you need to know to stay safe.

UPDATE: TweetDeck claims the vulnerability has been patched. We recommend waiting for a third party to confirm this claim, since TweetDeck erroneously claimed earlier today that the problem had been fixed.

UPDATE 2: USA Today confirms the issue has been dealt with. The Verge suggests that an Austrian teenager may have been the cause of the issue. If involved, the teen is believed to have triggered the issue by accident.

1. TweetDeck Vulnerability Lets Hackers Execute JavaScript Remotely

The Verge writes that the TweetDeck vulnerability allows people to remotely execute JavaScript code. So far, many of the people who have exploited the vulnerability have simply made some annoying pop-ups, but the vulnerability could be exploited in far more sinister ways. TweetDeck has pushed through an update that addresses some, but not all, of the concerns associated with this vulnerability.

The Verge notes:

“When clients are left unpatched, the attacks let users execute their own javascript code elsewhere in the browser. So far, most of the reported exploits have been simple pop-up messages, but the potential does exist for more sinister attacks. The vulnerability is believed to be confined to web-based versions of TweetDeck, but other users have reported similar attacks in TweetDeck’s Windows app.”

Vox has a great breakdown of how, exactly, this vulnerability works. It reads, in part:

“The attack makes use of the JavaScript programming language, which powers most of the web’s interactive content. If someone puts JavaScript code into a tweet, your Twitter client is supposed to convert that into harmless plain text. But the Tweetdeck forgot to do that, causing the user’s computer to execute it instead.

The result: if you were running Tweetdeck, anyone in your Twitter timeline could force your computer to execute JavaScript code. For example, it could cause annoying popup messages to display on a user’s screen. Or create viral tweets that spread by causing users to automatically retweet them.”
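
The output-encoding step the Vox excerpt describes, as an added example that is not from the article or from TweetDeck's code. The function names and the sample tweet are constructed for illustration; the sample carries only a harmless pop-up.

```javascript
// Added illustration: names and sample data are constructed, not TweetDeck code.

// Characters that carry meaning in HTML, mapped to their entity equivalents.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Convert untrusted text into plain text that is safe inside HTML element
// content and inside quoted attribute values.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Flawed pattern: tweet text is concatenated into markup as-is, so any tags
// it contains become part of the page.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><b>@${tweet.user}</b> ${tweet.text}</div>`;
}

// Corrected pattern: every untrusted field is encoded before it reaches markup.
function renderTweetSafe(tweet) {
  return `<div class="tweet"><b>@${escapeHtml(tweet.user)}</b> ${escapeHtml(tweet.text)}</div>`;
}

// Regression check for rendered output: a <script> element must never
// originate from tweet content.
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample tweet whose text contains markup.
const sampleTweet = {
  user: "example_user",
  text: `<script>alert("pop-up")</script> I <3 TweetDeck & "quotes"`,
};

console.log("unsafe:", renderTweetUnsafe(sampleTweet));
console.log("safe:  ", renderTweetSafe(sampleTweet));
```

In a browser, assigning tweet text to an element's `textContent` rather than `innerHTML` gives the same result without a hand-written escaper.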

2. TweetDeck Vulnerability Reported Across Multiple Platforms

Gizmodo notes that users of the Chrome, Windows, and Firefox versions of TweetDeck have all reported issues.

The issue had briefly been believed to be solved earlier this afternoon, simply by logging out and then logging back in. However, Gizmodo notes: “We’re having mixed results with the ‘log out and then log back in’ fix, and still seeing a few pop-ups here and there on different machines. If you want to be safe, it’s probably best to stay logged out for a bit longer, especially if you run across any pop ups.”

TIME writes that safe alternatives to TweetDeck include Twitter’s own website and HootSuite.

3. TweetDeck Bug Causing Tens of Thousands of Odd Retweets

Business Insider notes that the TweetDeck bug has caused the tweet above to be retweeted over 37,000 times. Many other disgruntled TweetDeck users have taken to Twitter to apologize for spam or complain about retweets being credited to them that they didn’t actually retweet.

4. Most Tech Insiders Recommend Disabling TweetDeck For Now

The team at TheNextWeb writes that the best course of action for TweetDeck users is to revoke the platform’s access to your Twitter credentials immediately, and stay out of the service until the problem is confirmed to be resolved.

5. TweetDeck Was Taken Down in Order to Deal With the Problem

TweetDeck has been taken down in order for the developers to fully deal with the vulnerability issue.

The Guardian writes:

“Theoretically, such flaws can be used to take over accounts, post tweets, unfollow and follow people, and more.

Twitter itself suffered a similar vulnerability in September 2010 that proved embarrassing after it was discovered by an Australian teenager.

Tweetdeck was originally a British company, and was acquired by Twitter for about £25m ($40m) in May 2011.”
