TweetDeck was forced offline after a security hole was discovered that could open up users' browsers to cross site scripting (XSS) attacks.
The vulnerability affected several high profile accounts including Labour leader Ed Miliband.
Soon after the discovery, many Twitter users managed to post tweets using the flaw to display dialogue boxes. However, the XSS flaw could allow hackers to inject javascript into web pages to access user accounts and important security information.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.TweetDeck (@TweetDeck) June 11, 2014
The vulnerability seemed to only affect TweetDeck's browser plug-in for Google Chrome. The XSS vulnerability has been reported on both Windows and Mac versions of the TweetDeck app for Chrome.
Initially, users were warned to log out and log back into TweetDeck to prevent users from being hacked. It then took the service down to assess the security issue.
"We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience," it said in a tweet.
Trey Ford, global security strategist at IT security firm Rapid7, said that while TweetDeck appeared to have jumped on this issue and patched it, the bug was still spreading "like wildfire through Twitter."
"This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a "worm" that self-replicates by creating malicious tweets," he said.
George Anderson, director of product marketing at Webroot, said that hackers could have used the flaw to send sensitive information back to them.
"A potential attacker can gains access to the user's private information such as passwords, usernames and card numbers," he said.
Mikko Hypponen, the chief research officer at F-Secure, discovered a similar flaw in Tweetdeck back in 2011.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
