Security flaw takes down Twitter's TweetDeck (Update)

Jun 11, 2014
Twitter said Wednesday it briefly took down its popular TweetDeck application to view and manage messages because of a security flaw, which prompted some calls to stop using the program.

Some experts said the vulnerability could be exploited by hackers, and reports cited instances of people's TweetDeck accounts hijacked on the Chrome browser.

The popular messaging platform said it discovered "a security issue that affected TweetDeck" and temporarily took the service offline, telling users: "Please log out of TweetDeck and log back in to fully apply the fix."

After a period of confusion and complaints about the fix not working, Twitter announced, "We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience."

Independent security analyst Graham Cluley said the issue was "a potentially serious security flaw" and added, "It is easy to imagine how someone could take advantage of it with malicious purposes."

"In my opinion, TweetDeck isn't safe to use until the flaw has been fixed," Cluley said in a blog post.

"So you need to quit TweetDeck right now, and revoke its access to your Twitter account."

It was not immediately clear if Twitter's fix had patched the flaws in the browser versions of the program.

Earlier, City University of New York journalism professor Jeff Jarvis tweeted that his account appeared to have been compromised and that Twitter's advice failed to work.

"Goddamnit, @twitter: 1. Impossible to sign out of Tweetdeck when it's taken over 2. Killing app, reinstalling & signing in does NADA," he said.

Founded in 2008 by Iain Dodsworth, TweetDeck is a favorite of heavy Twitter users, allowing them to view "tweets" in various ways and to organize their messages into columns—features not offered on the microblogging platform's own website.

Twitter bought TweetDeck in 2011. It had been an independent application until that point.

Two other Web services targeted

Unknown hackers also took down two Web services—the online note-taking firm Evernote and the RSS news site Feedly.

Evernote said on its status page that a denial of service attack began late Tuesday and that most of its services were restored Wednesday.

Feedly said hackers were seeking "to extort us money to make it stop," and added: "We refused to give in and are working with our network providers to mitigate the attack as best as we can."

Feedly gained in popularity when Google ended its Reader service, which provided news updates from a variety of websites.

Cluley praised Feedly for refusing the extortion.

"It's right not to give in to the blackmailers who are essentially running an extortion racket," he said.

"The danger of paying DDoS blackmailers is that you're only encouraging them to attack you more, perhaps increasing their financial demands next time."
