Twitter hack sees websites opened without clicking links
- 22 September, 2010 02:53
Hackers have exploited a flaw in Twitter that causes pop-ups and third-party websites to open when users simply hover over links with their mouse, without clicking.
Hundreds of Twitter users, including Sarah Brown - wife of the former Labour Prime Minister Gordon Brown - have fallen victim to the attack. In some cases the third-party websites that are opened are pornographic.
Graham Cluley from security firm Sophos said in a blog post that at present the flaw is being exploited for "fun and games" although "there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed".
Cluley advised Twitter users to avoid using the Twitter website and instead rely on a third-party client such as Tweetdeck to access the service.
At around 2:50pm this afternoon (GMT), Twitter's @Safety feed posted the following message, suggesting that the problem was solved:
"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit."