Security flaw takes down Twitter's TweetDeck (Update)

Jun 11, 2014
Twitter said it briefly took down its popular TweetDeck application to view and manage messages because of a security flaw, which prompted some calls to stop using the program

Twitter said Wednesday it briefly took down its popular TweetDeck application to view and manage messages because of a security flaw, which prompted some calls to stop using the program.

Some experts said the vulnerability could be exploited by hackers, and reports cited instances of people's TweetDeck accounts hijacked on the Chrome browser.

The popular messaging platform said it discovered "a security issue that affected TweetDeck" and temporarily took the service offline, telling users: "Please log out of TweetDeck and log back in to fully apply the fix."

After a period of confusion and complaints about the fix not working, Twitter announced, "We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience."

Independent security analyst Graham Cluley said the issue was "a potentially serious security flaw" and added, "It is easy to imagine how someone could take advantage of it with malicious purposes."

"In my opinion, TweetDeck isn't safe to use until the flaw has been fixed," Cluley said in a blog post.

"So you need to quit TweetDeck right now, and revoke its access to your Twitter account."

It was not immediately clear if Twitter's fix had patched the flaws in the browser versions of the program.

Earlier, City University of New York journalism professor Jeff Jarvis tweeted that his account appeared to have been compromised and that Twitter's advice failed to work.

"Goddamnit, @twitter: 1. Impossible to sign out of Tweetdeck when it's taken over 2. Killing app, reinstalling & signing in does NADA," he said.

Founded in 2008 by Iain Dodsworth, Tweetdeck is a favorite of heavy Twitter users, allowing them to view "tweets" in various different ways and to organize their messages into columns—features not offered on the multiblogging platform's own website.

Twitter bought Tweetdeck in 2011. It had been an independent application until that point.

Two other Web services targeted

Unknown hackers also took down two Web services—the online note-taking firm Evernote and the RSS news site Feedly.

Evernote said on its status page that a denial of service attack began late Tuesday and that most of its services were restored Wednesday.

Feedly said hackers were seeking "to extort us money to make it stop," and added: "We refused to give in and are working with our network providers to mitigate the attack as best as we can."

Feedly gained in popularity when Google ended its Reader service, which provided news updates from a variety of websites.

Cluley praised Feedly to refusing the extortion.

"It's right not to give in to the blackmailers who are essentially running an extortion racket," he said.

"The danger of paying DDoS blackmailers is that you're only encouraging them to attack you more, perhaps increasing their financial demands next time."

Explore further: 'Golden Tweet' is Twitter's most echoed note in 2013

add to favorites email to friend print save as pdf

Related Stories

Twitter launching photo-sharing service

Jun 01, 2011

Twitter said Wednesday that it is adding a photo-sharing option for its users, a move that could deal a blow to existing services such as Twitpic and yfrog.

Tech blog says Twitter bought TweetDeck

May 03, 2011

Twitter on Monday declined to comment on a renewed report that the microblogging service has bought a TweetDeck service used to "tweet" from mobile phones and tablet computers.

Twitter seeking to buy TweetDeck: WSJ

Apr 18, 2011

Twitter is in "advanced talks" to buy TweetDeck, a popular platform for accessing the service, for some $50 million, The Wall Street Journal reported Monday.

Twitter buys TweetDeck for reported $40M to $50M

May 25, 2011

Twitter has bought TweetDeck, a London-based startup that helps people read, write and organize the short messages posted on the online network - and will keep the service going.

Recommended for you

US warns retailers on data-stealing malware

7 hours ago

US government cybersecurity watchdogs warned retailers Thursday about malware being circulated that allows hackers to get into computer networks and steal customer data.

Irish bookmaker apologizes for 2010 data breach

8 hours ago

(AP)—Irish betting company Paddy Power announced Thursday it is notifying hundreds of thousands of customers that most of their profile information was stolen in 2010, but hackers did not gain their credit card details ...

Misinformation diffusing online

11 hours ago

The spread of misinformation through online social networks is becoming an increasingly worrying problem. Researchers in India have now modeled how such fictions and diffuse through those networks. They described details ...

User comments : 0