Menu
Twitter hack sees websites opened without clicking links

Twitter hack sees websites opened without clicking links

Use third-party clients to access micro-blogging service

Hackers have exploited a flaw in Twitter, which results in pop-ups and third-party websites being opened despite users simply hovering over links with their mouse.

Hundred of Twitter users, including Sarah Brown - wife of the former Labour Prime Minister Gordon Brown - have fallen victim to the attack. In some cases the third-party websites that are open are pornographic.

The malicious links contain Javascript code, called onMouseOver, which allows users to redirected, even if they haven't clicked on the link.

Graham Cluely from security firm Sophos said in a blog that at present the flaw is being exploited for "fun and games" although "there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed".

"Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk," he added.

Cluley advised Twitter users to avoid using the Twitter website and instead rely on a third-party client such as Tweetdeck to access the service.

At around 2:50pm this afternoon (GMT), Twitter's @Safety feed posted the following message, suggesting that the problem was solved:

"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit."

See also: Twitter's new homepage: what the critics said


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags twittersoftwaresophosInternet & broadbandPC security

Featured

Slideshows

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Reseller News has honoured the leading female front runners of the New Zealand ICT industry at the 2019 Women in ICT Awards (WIICTA) in Auckland. The awards recognised standout individuals across six categories, spanning Entrepreneur, Rising Star, Shining Star, Community, Technical and Achievement. Photos by Gino Demeer.

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA
Reseller News kicks off awards season in 2019 with Judges' Lunch

Reseller News kicks off awards season in 2019 with Judges' Lunch

The 2019 Reseller News Innovation Awards has kicked off with the Judges Lunch in Auckland with 70 judges in the voting panel. The awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors. Photos by Christine Wong.

Reseller News kicks off awards season in 2019 with Judges' Lunch
Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Show Comments