One of the most recognized Twitter application out there is TweetDeck. The app was acquired by Twitter and since then, TweetDeck has improved a lot where usability is concerned, but not so much on security.
Apparently, Tweetdeck was hacked and was unavailable for some time; this has a lot to do with JavaScript from what we've come to understand.
"We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up," according to TweetDeck on Twitter. TweetDeck is a desktop app that lets users manage their Twitter feeds.
When the hack was live, some users were unable to log-in, while others were greeted with a plethora of problems. For example, reading a tweet could cause pop-ups to appear, and even redirect the user to another website. Crazy, right? It is, but that's not all.
The hack also caused some users to automatically retweet something without them knowing, and even hijacked the user's account. The purpose of this hack is currently unknown, but we need to consider the possibilities of personal information being stolen and so, it is best for TweetDeck users to change passwords as soon as possible.
TweetDeck made a statement on its official Twitter account, alerting users that the issue has been fixed.
"A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix," says TweetDeck in a June 11 message.
It would appear, though, that the issue only affected Google Chrome users with the TweetDeck plug-in installed, according to Trey Ford, global strategist at security firm Rapid7.
"This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a 'worm' that self-replicates by creating malicious tweets. It looks like this primarily affects users of the TweetDeck plug-in for Google Chrome."
We can only hope that this vulnerability hasn't caused more damage that cannot be undone. This should be the biggest security wake-up call for Twitter as this hack will not be the last. More will follow, and Twitter should have enough countermeasures for the sake of its users.
