TweetDeck back online after XSS attack caused users to RT mystery code

An attack on TweetDeck caused users to retweet mysterious lines of code, causing the service to be taken offline.

Published Wed, Jun 11 2014 2:11 PM CDT   |   Updated Tue, Nov 3 2020 12:16 PM CST

Tweetdeck has been compromised by an XSS vulnerability, causing some users to retweet a mysterious line of code.

TweetDeck back online after XSS attack caused users to RT mystery code |

At first, Tweetdeck said the vulnerability had been fixed but users later reported continuing attacks, such as the code retweets, leading to it being taken offline. It has since returned.

"We've temporarily taken TweetDeck services down to assess today's earlier security issue," the company said. "We'll update when services are back up."

Later it added: "We've verified our security fix and have turned TweetDeck services back on for all users."

Security company Rapid7 praised TweetDeck's approach to the attack and the guidance it issued. It instructed users to log out and log back in again, which offers damage control against a common XSS attack.

"The guidance from Tweetdeck is simple and correct, log out, and log back in," Rapid7's Trey Ford said. "One of the most common and useful XSS attacks is used to steal the user's session, effectively enabling an attacker to log in as you.

"This worm hearkens back to the MySpace 'Samy Worm' in 2006, except for one key step- this worm does not appear to have the ability to force your account to follow the attacker," Ford said.

This is not the first time Twitter has been subject to an XSS attack, as we have previously reported.


Tamlin Magee is based in London. His name can be found around the web and in print, and he's mostly interested in the ways the rapid rate of technological development is affecting us and our surroundings.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles