News

Twitter users hit by viral hack attack

Twitter users were victims of a cross-site scripting (XSS) vulnerability today as users reported message pop-ups and third-party websites being accessed without consent.

In a statement, Twitter said the exploit is now fully patched. "We have identified and are patching an XSS attack; as always, please message @safety if you have info regarding such an exploit," said Twitter.

In a blog post, Sophos security expert Graham Cluley said, "It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed.

"Some users are also seemingly deliberately exploiting the loophole to create tweets that contain blocks of colour, known as 'rainbow tweets'. Because these messages can hide their true content they might prove too hard for some users to resist clicking on them," he added.

Cluley advised users to use a third-party Twitter client rather than Twitter.com until the flaw is fixed.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy