An XSS (cross-site scripting) vulnerability hits twitter.com.
The flaw used a simple piece of JavaScript attached to the onMouseOver event handler, which fires when the mouse passes over an area of text. The user was then redirected to a third-party site without the user's consent.
Twitter’s @safety account tweeted Tuesday morning, “We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.”
As of 10:00 AM EST, Twitter issued this statement: “This should now be fully patched and is no longer exploitable.”
Mashable estimates that the security flaw “has been widely exploited on thousands of Twitter accounts.” TechCrunch reports the onMouseover exploit may have spread to as many as 40,000 tweets in just 10 minutes.
Have you seen it? How has it affected you? Let us know below.
Did this hold true for the new twitter.com interface or just the old one?
Good question. From what I gather, it only seemed to hold true for the older interface.