Twitter turns off Tweetdeck to 'assess' JavaScript security breach (update: it's back)

Sponsored Links

Richard Lawler
June 11, 2014 1:30 PM
In this article: javascript, security, tweetdeck, twitter, xss
Twitter turns off Tweetdeck to 'assess' JavaScript security breach (update: it's back)

If you're a Tweetdeck user and can't login right now -- there's a reason. The service's webapp contained a vulnerability that let it run scripts embedded in tweets; just reading a tweet could cause a popup to appear on your screen, redirect you to another website, hijack your account or even cause you to retweet something without knowing. Since Tweetdeck is used by many of the social media managers for widely-followed accounts, a flaw that spreads itself could quickly replicate across the service.The official Tweetdeck account claimed the vulnerability was fixed earlier, but that doesn't appear to have worked, and as a result, Twitter has taken the service down "to assess today's earlier security issue." Even though you can't login right now, it would probably be a good idea to revoke the service's access to your account entirely until things are resolved.

Update: Tweetdeck says it's verified a security fix and turned the service back on -- who wants to be the first to confirm if it's actually safe?

[Image credit: Simon Dawson/Bloomberg via Getty Images]

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget