Advertisement

Archive for Wednesday, September 22, 2010

Security loophole allowed “onMouseOver” Twitter hack to open popups

September 22, 2010

Advertisement

— A new way to cause mischief quickly spread through short-messaging service Twitter on Tuesday morning before the site could fix the problem, as mysterious “tweets” of blocked-out text propagated themselves and caused popup windows to open.

Shortly before 10 a.m. Eastern time, Twitter said on its “safety” feed on the site that the attack had been shut down. It also said it does not believe that any user information was compromised, rather, the vast majority of the breaches were pranks or promotions.

The hack had been extra nefarious because the tweets activated without being clicked on — it was enough for Web surfers to move their mouse cursors over them. But it only affected visitors to Twitter.com. Various third-party programs used to send and read tweets, such as Tweetdeck, were unaffected.

The popups could, though didn’t necessarily, contain malicious code that could take over poorly protected computers. The White House’s official Twitter feed — followed by 1.8 million users — was among those affected, though the offending message was quickly taken down.

Comments

Use the comment form below to begin a discussion about this content.

Commenting has been disabled for this item.