TweetDeck users were just minding their own business, when suddenly, all hell broke loose:
I just got back from dinner and returned to TweetDeck popups with XSS error popups. Should I be concerned?
— Michael van Poppel (@mpoppel) June 11, 2014
What in the blue hell is wrong with Tweetdeck? Keeps saying it can't RT something I didn't RT. Super irritating.
— Kelly (@flyoverangel) June 11, 2014
According to Gizmodo, the issue was “an XSS vulnerability that allows attackers to execute code remotely on your computer just by tweeting it out.” Here’s what that looks like:
Tweetdeck has gone bananas, and everyone is retweeting this tweet. http://t.co/HEUnx0lF4s pic.twitter.com/TrGGjnVvdD
— Joe Weisenthal (@TheStalwart) June 11, 2014
https://twitter.com/mikeBithell/status/476766169907875840
Uh oh @twitter @support @tweetdeck, this doesn't look good… pic.twitter.com/IFegscZ1XC
— Richard Stanway (@R1CH_TL) June 11, 2014
More XSS in my tweetdeck. I did not do this 🙁 cc @twitter @doeg pic.twitter.com/WqxIhGvPNL
— Taylor Hornby (@DefuseSec) June 11, 2014
What the hell happened to TweetDeck? Thought someone hacked @GenOpp but that's not it. Anyone get pop-ups like this? pic.twitter.com/RNCrkudK1L
— Corie Whalen (@CorieWhalen) June 11, 2014
MASSIVE PROBLEM ON @TWEETDECK, I'm seeing numerous accounts compromised retweeting this tweet cc @twitter pic.twitter.com/mRYol2RYUZ
— Raphael Gluck (@einfal) June 11, 2014
TweetDeck claimed to have fixed the problem:
A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix.
— TweetDeck (@TweetDeck) June 11, 2014
Recommended
But users weren’t exactly convinced:
I'm not entirely convinced Tweetdeck has fixed that vulnerability. Seeing same script under different account names now.
— Peter Cook (@_Peter_Cook) June 11, 2014
Wowza. I think I'll stay logged out of Tweetdeck for awhile, it was worse after I logged out and back in.
— Kelly (@flyoverangel) June 11, 2014
Looks like I won't be going back to Tweetdeck for the rest of today.
— Dan McLaughlin (@baseballcrank) June 11, 2014
Hmmm.
… is it safe to go back to Tweetdeck yet?
— Spencer Ackerman (@attackerman) June 11, 2014
Nope. About half an hour after tweeting that the issue had been resolved, TweetDeck sent this update:
We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up.
— TweetDeck (@TweetDeck) June 11, 2014
Basically giving us the green light to freak out:
https://twitter.com/staypuft/status/476770978786074626
https://twitter.com/staypuft/status/476765640188243968
https://twitter.com/SonnyBunch/status/476771639829745664
WHAT THE FUCK IS HAPPENING TO TWEETDECK PLEASE EXPLAIN pic.twitter.com/OBNI90uMPU
— Nady (@Ny_Nady) June 11, 2014
the fuck you doing tweetdeck
— CurtZeNinja **COMMISSIONS OPEN** (@CurtZeNinjaMC) June 11, 2014
So Tweetdeck is broken/hacked & it just took me about 3 min to figure out how the fuck to tweet from the web interface. Tweetdeck come back!
— Brynna (@brynna42) June 11, 2014
FUCK THIS! I RELOGGED CLOSED IT!. Tweetdeck PLS!
— DemonhuntersMC (@DemonhuntersMC) June 11, 2014
https://twitter.com/bccover/status/476768866409119744
Awww, don’t cry! TweetDeck may have been on life support, but our sense of humor never skipped a beat!
https://twitter.com/CuffyMeh/status/476768359099666432
OK- who posted the link to "innocence of muslims" on tweetdeck?
— Nino (@baldingschemer) June 11, 2014
Ha!
Supposedly, the problem’s been fixed for reals now:
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.
— TweetDeck (@TweetDeck) June 11, 2014
We’ll see about that.
https://twitter.com/NathanWurtzel/status/476785789486247936
Join the conversation as a VIP Member