Economy

Twitter Hacked

Update at 10:07: Once again showing the power of NPR, Twitter has been patched.

We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again when it is.

Update (6:50 PDT, 13:50 UTC): The exploit is fully patched.

It might be wise to stay off Twitter.com this morning. A security hole is being exploited, mostly for fun and games, but also to send people to hardcore porn sites. And you don't need to click on the tweets, you just have to mouse over them.

From the Sophos security blog:

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link. Messages are also spreading virally exploiting the vulnerability without the consent of users.

Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister.

It appears that in Sarah Brown's case her Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan. That's obviously bad news for her followers - over one million of them.

screenshot of Sarah Brown's Twitter page

Screenshot of Sarah Brown's Twitter page. twitter.com hide caption

itoggle caption twitter.com

The exploit does not effect third party Twitter applications, so those are still safe to use.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.