Twitter users hit by viral hack attack

Twitter users were victims of a cross-site scripting...

Twitter users were victims of a cross-site scripting (XSS) vulnerability today as users reported message pop-ups and third-party websites being accessed without consent.

In a statement, Twitter said the exploit is now fully patched. "We have identified and are patching an XSS attack; as always, please message @safety if you have info regarding such an exploit," said Twitter.

In a blog post, Sophos security expert Graham Cluley said, "It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed.

"Some users are also seemingly deliberately exploiting the loophole to create tweets that contain blocks of colour, known as 'rainbow tweets'. Because these messages can hide their true content they might prove too hard for some users to resist clicking on them," he added.

Cluley advised users to use a third-party Twitter client rather than until the flaw is fixed.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.