Skip to main content

Twitter worm spreads across the web like wildfire

twitter homepage
Image used with permission by copyright holder

A massive security breach on Twitter this morning saw thousands of users being sent links to porn sites.

If you visited the site this morning, you probably were greeted by several unusual tweets from friends displaying lines of JavaScript. Scroll your mouse over them and you would have become the next victim in this attack.

Twitter has now fixed this, making the site safe to visit again. Here’s what was going on:

An internet worm was redirecting users to new websites, largely porn based, due to a flaw detected last night on Twitter.

The bug was spreading quickly because it worked just when the mouse hovers over a chunk of ‘infected’ text. Users did not have to click on the link for them to become the latest victim of this hack.

Hackers exploited a flaw that was part of a cross-site scripting (XSS) bug. This made it possible to include JavaScript in tweets, baiting unsuspecting users.

This security flaw definitely raises questions about Twitter’s ability to deflect attacks as its star rises. The hack appears to have only affected users on the old Twitter website, as this never became an issue on the new Twitter homepage that has started rolling out.

Laura Khalil
Former Digital Trends Contributor
Laura is a tech reporter for Digital Trends, the editor of Dorkbyte and a science blogger for PBS. She's been named one of…