
TweetDeck hijacked by pranksters, users receive absurd messages

A security flaw in TweetDeck was exposed last Wednesday, causing the service to turn itself on and off over the course of a few hours. While the app was scrambling to restore service to users, hackers were having a field day, doing their best imitation of a 10-year-old boy, plastering messages like “penis penis penis” and “I love poop” in alert boxes that took over the software.

The messages ranged from the comically inane… 

To prompts that are just plain weird.

Just like everything else in life, the disruption was also improved by some rickrolling.

According to CNNMoney, the security hole was discovered by an Austrian teenager named Florian. The vulnerability, a cross-site scripting (XSS) flaw in TweetDeck, was exposed through the use of a heart symbol in a tweet that also contained a string of code. Florian said that he discovered that using “&hearts” to create a heart symbol opened a security flaw in the app that allowed people to send computer program commands through tweets.
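To illustrate the class of bug described above, here is an added example (not TweetDeck's code and not part of the original article) that contrasts a renderer which skips escaping when a tweet contains the heart entity with one that escapes everything and restores only an allowlisted entity. The special-case logic, the function names and the sample tweet are assumptions made for illustration.

```javascript
// Added illustration. Names and logic are hypothetical, not TweetDeck's code.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode every character that can start markup or an entity.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (assumed): a tweet containing the heart entity takes a
// "rich" path so the heart renders, and the whole tweet is emitted as HTML.
function renderTweetVulnerable(text) {
  if (text.includes("&hearts;")) {
    return `<p class="tweet">${text}</p>`; // raw tweet text becomes markup
  }
  return `<p class="tweet">${escapeHtml(text)}</p>`;
}

// Hardened: escape the whole tweet first, then restore only entities on an
// explicit allowlist. Tags in the tweet stay inert text in every case.
const ALLOWED_ENTITIES = new Set(["hearts"]);

function renderTweetSafe(text) {
  const escaped = escapeHtml(text);
  const restored = escaped.replace(/&amp;([a-z]+);/g, (match, name) =>
    ALLOWED_ENTITIES.has(name) ? `&${name};` : match
  );
  return `<p class="tweet">${restored}</p>`;
}

// Review/test helper: does rendered output contain a live script tag?
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample tweet: an inert placeholder tag plus the heart entity.
const SAMPLE_TWEET = "<script>/* constructed placeholder */</script> &hearts;";

console.log(renderTweetVulnerable(SAMPLE_TWEET));
console.log(renderTweetSafe(SAMPLE_TWEET));
```
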

He notified Twitter of the flaw, but pranksters were quick to take advantage of the vulnerability. One hacker even managed to write code that caused users to auto-retweet his messages. The Twitter accounts of the New York Times and SFGate were affected by the disruption. The code for the retweet hack can be found below. So far, it’s been retweeted 79,000 times.

TweetDeck announced that the security hole was patched early on Thursday. However, some users were still reporting issues. 

In a blog post, anti-virus software maker McAfee offered recommendations for dealing with the disruption. The company rattled off the usual laundry list of security measures, asking users to sign out of TweetDeck, change passwords regularly (14 characters is ideal) and avoid third-party apps.
