12 Jun 2014

TweetDeck App XSS Vulnerability Exploited in Attack

An XSS vulnerability in TweetDeck, a Twitter application, has been exploited in an attack, according to the BBC.

Twitter acquired the British TweetDeck back in 2011 to collate different feeds. The exploit for the XSS vulnerability simply retweeted the script's code if it was seen in TweetDeck.

At first, TweetDeck announced that, to apply the patch, users should log out and log in again because "a security issue that affected TweetDeck this morning has been fixed."

However, users continued to report the attack. Later, TweetDeck took down the app for further consideration.

"We've verified our security fix and have turned TweetDeck services back on for all users," TweetDeck said after its services came back online.

The attack affected some high-profile Twitter accounts and retweeted the script's code. BBC's Breaking News and Ed Miliband's Twitter accounts were also affected.

This is the third security issue this week, after Evernote's and Feedly's services were struck down by a DDoS attack.