TweetDeck was forced offline after a security hole was discovered that could open up users' browsers to cross site scripting (XSS) attacks.
The vulnerability affected several high profile accounts including Labour leader Ed Miliband.
Soon after the discovery, many Twitter users managed to post tweets using the flaw to display dialogue boxes. However, the XSS flaw could allow hackers to inject javascript into web pages to access user accounts and important security information.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.TweetDeck (@TweetDeck) June 11, 2014
The vulnerability seemed to only affect TweetDeck's browser plug-in for Google Chrome. The XSS vulnerability has been reported on both Windows and Mac versions of the TweetDeck app for Chrome.
Initially, users were warned to log out and log back into TweetDeck to prevent users from being hacked. It then took the service down to assess the security issue.
"We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience," it said in a tweet.
Trey Ford, global security strategist at IT security firm Rapid7, said that while TweetDeck appeared to have jumped on this issue and patched it, the bug was still spreading "like wildfire through Twitter."
"This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a "worm" that self-replicates by creating malicious tweets," he said.
George Anderson, director of product marketing at Webroot, said that hackers could have used the flaw to send sensitive information back to them.
"A potential attacker can gains access to the user's private information such as passwords, usernames and card numbers," he said.
Mikko Hypponen, the chief research officer at F-Secure, discovered a similar flaw in Tweetdeck back in 2011.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
-
Researchers claim an AMD security flaw could let hackers access encrypted dataNews Using only a $10 test rig, researchers were able to pull off the badRAM attack
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
