TweetDeck Hit by XSS Vulnerability
Security Watch
SHARE
Facebook X Pinterest WhatsApp

TweetDeck Hit by XSS Vulnerability

TweetDeck Hit by XSS Vulnerability
Written By
Sean Michael Kerner
Sean Michael Kerner
Jun 11, 2014
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Twitter users are a vocal bunch, and when the popular TweetDeck application ran into some security trouble today, the message was shared in 140-character snippets.

TweetDeck is a Twitter application that was acquired by Twitter in 2011 and is widely used by many (including yours truly). The first signs of trouble with TweetDeck appeared around 11 a.m. ET with warnings of a possible cross-site scripting (XSS) attack.

In an XSS attack, code from one location is able to influence another site without authorization. In my own personal usage, I first began seeing Twitter messages with embedded XSS code shortly after 11 a.m. ET, which upon viewing were immediately retweeted automatically, without my authorization or any action on my part.

At 12:31 p.m. ET, TweetDeck first acknowledged the issue in a tweet that stated that the security issue that affected TweetDeck in the morning had been fixed. TweetDeck advised its users to log out of TweetDeck and log back in to fully apply the fix.

At 12:32 p.m. ET, the fix was not working for me, and the XSS issue was still very much active.

At 12:59 p.m. ET, TweetDeck admitted that its fix wasn’t quite done, noting in a tweet that it was temporarily shutting TweetDeck down to further investigate the issue.

At 1:55 p.m. ET, TweetDeck service was restored.

“We’ve verified our security fix and have turned TweetDeck services back on for all users,” TweetDeck stated.

The idea of having an XSS or other security issues in Twitter is not a new one, though it has been a few years since I last saw one that actually worked. Back in 2009, I wrote about a Twitter worm that generated spam tweets. Certainly there have been other user account-specific security issues for individual users of Twitter over the years, where account credentials are abused, but nothing quite like today’s TweetDeck XSS issue.

It’s not clear at this point how the XSS issue found its way into TweetDeck, but on the positive front, it’s an issue that flared up and was fixed within 3 hours. It will be interesting to see if there are any copycat attacks in the coming days, or if this incident was unique.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Sean Michael Kerner
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information