Menu
Twitter hack sees websites opened without clicking links

Twitter hack sees websites opened without clicking links

Use third-party clients to access micro-blogging service

Hackers have exploited a flaw in Twitter, which results in pop-ups and third-party websites being opened despite users simply hovering over links with their mouse.

Hundred of Twitter users, including Sarah Brown - wife of the former Labour Prime Minister Gordon Brown - have fallen victim to the attack. In some cases the third-party websites that are open are pornographic.

The malicious links contain Javascript code, called onMouseOver, which allows users to redirected, even if they haven't clicked on the link.

Graham Cluely from security firm Sophos said in a blog that at present the flaw is being exploited for "fun and games" although "there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed".

"Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk," he added.

Cluley advised Twitter users to avoid using the Twitter website and instead rely on a third-party client such as Tweetdeck to access the service.

At around 2:50pm this afternoon (GMT), Twitter's @Safety feed posted the following message, suggesting that the problem was solved:

"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit."

See also: Twitter's new homepage: what the critics said


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags twittersoftwaresophosInternet & broadbandPC security

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Show Comments