‘What is this, the Dark Ages?’ Tweetdeck goes down, massive freakout ensues

Posted at 2:06 pm on June 11, 2014 by Sarah D.

TweetDeck users were just minding their own business, when suddenly, all hell broke loose:

I just got back from dinner and returned to TweetDeck popups with XSS error popups. Should I be concerned?
— Michael van Poppel (@mpoppel) June 11, 2014

What in the blue hell is wrong with Tweetdeck? Keeps saying it can't RT something I didn't RT. Super irritating.
— Kelly (@flyoverangel) June 11, 2014

According to Gizmodo, the issue was “an XSS vulnerability that allows attackers to execute code remotely on your computer just by tweeting it out.” Here’s what that looks like:

Tweetdeck has gone bananas, and everyone is retweeting this tweet. http://t.co/HEUnx0lF4s pic.twitter.com/TrGGjnVvdD
— Joseph Weisenthal (@TheStalwart) June 11, 2014

close tweetdeck on chrome if you use it, part of me admires the evil genius of this (twitter will lock this down now) pic.twitter.com/0HhRNSDMvE
— Mike Bithell (@mikeBithell) June 11, 2014

Uh oh @twitter @support @tweetdeck, this doesn't look good… pic.twitter.com/IFegscZ1XC
— Richard Stanway (@R1CH_TL) June 11, 2014

More XSS in my tweetdeck. I did not do this 🙁 cc @twitter @doeg pic.twitter.com/WqxIhGvPNL
— Taylor Hornby (@DefuseSec) June 11, 2014

What the hell happened to TweetDeck? Thought someone hacked @GenOpp but that's not it. Anyone get pop-ups like this? pic.twitter.com/RNCrkudK1L
— C. Whalen Stephens (@CorieWStephens) June 11, 2014

MASSIVE PROBLEM ON @TWEETDECK, I'm seeing numerous accounts compromised retweeting this tweet cc @twitter pic.twitter.com/mRYol2RYUZ
— Raphael Gluck ツ (@einfal) June 11, 2014

TweetDeck claimed to have fixed the problem:

A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix.
— TweetDeck (@TweetDeck) June 11, 2014

But users weren’t exactly convinced:

I'm not entirely convinced Tweetdeck has fixed that vulnerability. Seeing same script under different account names now.
— Slublog (@Slublog) June 11, 2014

Wowza. I think I'll stay logged out of Tweetdeck for awhile, it was worse after I logged out and back in.
— Kelly (@flyoverangel) June 11, 2014

Looks like I won't be going back to Tweetdeck for the rest of today.
— Dan McLaughlin (@baseballcrank) June 11, 2014

Hmmm.

… is it safe to go back to Tweetdeck yet?
— Spencer Ackerman (@attackerman) June 11, 2014

Nope. About half an hour after tweeting that the issue had been resolved, TweetDeck sent this update:

We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up.
— TweetDeck (@TweetDeck) June 11, 2014

Basically giving us the green light to freak out:

WHAT DID YOU DO, RAY? #Tweetdeck
— Stay Puft (@staypuft) June 11, 2014

THERE IS NO TWEETDECK. ONLY ZUUL.
— Stay Puft (@staypuft) June 11, 2014

Now TweetDeck's down altogether? Jesus, what is this, the dark ages?
— Sonny Bunch (@SonnyBunch) June 11, 2014

WHAT THE FUCK IS HAPPENING TO TWEETDECK PLEASE EXPLAIN pic.twitter.com/OBNI90uMPU
— Nady (@Ny_Nady) June 11, 2014

the fuck you doing tweetdeck
— CurtZeNinja (@CurtZeNinja) June 11, 2014

So Tweetdeck is broken/hacked & it just took me about 3 min to figure out how the fuck to tweet from the web interface. Tweetdeck come back!
— Brynna (@rihani) June 11, 2014

FUCK THIS! I RELOGGED CLOSED IT!. Tweetdeck PLS!
— DemonhuntersMC (@DemonhuntersMC) June 11, 2014

I will be sitting here staring at Hootsuite all confused until Tweetdeck gets itself together. *sobs*
— Brittany Cover (@bccover) June 11, 2014

Awww, don’t cry! TweetDeck may have been on life support, but our sense of humor never skipped a beat!

RT @BarackObama the Tweetdeck Hack made me make that horrible Bergdahl trade.
— Cuffé (@CuffyMeh) June 11, 2014

OK- who posted the link to "innocence of muslims" on tweetdeck?
— Nino (@baldingschemer) June 11, 2014

Ha!

Supposedly, the problem’s been fixed for reals now:

We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.
— TweetDeck (@TweetDeck) June 11, 2014

We’ll see about that.

RT @TweetDeck: We have fixed our security breach and want you to knATTENTION EARTHLINGS: ATTEMPT NO LANDINGS ON EUROPA
— Natevember (@NathanWurtzel) June 11, 2014

Tags: compromised retweet security Tweetdeck XSS

Media

CNN’s Oliver Darcy now seeing Infowars in places it doesn’t appear, like Trump’s tweets

Media

Washington Post columnist puts that whole “Nazis were socialists” thing to bed, so go ahead and embrace it

General

CNN’s Oliver Darcy now seeing Infowars in places it doesn’t appear, like Trump’s tweets

Washington Post columnist puts that whole “Nazis were socialists” thing to bed, so go ahead and embrace it

Middle school removes sexist, misogynistic, woman-shaming quote after image goes viral

“A newborn is without his father Friday” — because his father was wanted on an outstanding homicide warrant

CNN’s Oliver Darcy now seeing Infowars in places it doesn’t appear, like Trump’s tweets

Washington Post columnist puts that whole “Nazis were socialists” thing to bed, so go ahead and embrace it

Middle school removes sexist, misogynistic, woman-shaming quote after image goes viral

SHOCKER: CEO Jack Dorsey admits Twitter’s bias is “more left-leaning,” but libs still don’t believe him

Now California is proposing to legislate what drinks restaurants can serve your kids

This back-and-forth between @redsteeze and a writer over his “abortion joke” is funnier than the joke

recent stories