Update: TweetDeck has taken down the service to assess the vulnerability that was used in today’s attack.
Original post:
TweetDeck, a popular tool for Twitter power users, has announced that it has fixed the XSS vulnerability used in a hack that took place this morning and that users should log out and log back in to complete the fix on their end.
https://twitter.com/TweetDeck/status/476763638695743489
A cross-site scripting vulnerability makes it possible to trick your browser into running outside code. The only option available to protect yourself was to close out of the TweetDeck web app (or Chrome extension), which forced power users to make a tough decision:
@kylebrussell ugh I dont want to use http://t.co/54GdURnLwO OR get hacked on tweetdeck ugh
— Sam Colt (@scranecolt) June 11, 2014
The vulnerability was mostly used to force pop-ups onto people’s screens, as in the image above. But had the vulnerability remained open for long, the hacker taking advantage of it could have taken over user accounts. We’re keeping an eye out, but so far we haven’t seen any evidence that accounts were actually compromised in the attack.