
BBC and others caught out by Tweetdeck flaw

A flaw in the TweetDeck plugin for the Chrome web browser saw over 80,000 Twitter accounts automatically retweet a message yesterday, including big-name ones like the BBC and one associated with the White House. The bug has now been fixed, but it spread like wildfire in the few hours it was known about.

Initially discovered by Austrian user Florian, the bug meant that the TweetDeck plugin read and executed code found in tweets. When sending out a tweet with a small section of HTML in it, Florian noticed it was being executed when viewed through TweetDeck. This led him to create a custom pop-up message to showcase the problem, and he then informed TweetDeck of the issue.

This guy explains it way better than I could: http://www.youtube.com/watch?v=zv0kZKC6GAM

Before it could be shored up, however, others discovered it, leading one user to tweet out a script which automatically retweeted that tweet through your account if viewed through TweetDeck.

80,000 tweets later and “andy” is a lot more well known than he was yesterday. “I was shocked when I saw that the script got executed. This is a mistake that no web developer should ever make,” he said, when contacted by The Telegraph.

TweetDeck has now fixed the issue and apologised for the oversight.
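The class of bug described above, tweet text being treated as markup instead of being displayed as text, is shown here as an added example that is not TweetDeck's code or its actual fix. The function names and the sample tweet are constructed for illustration, and the rendering is reduced to string building so it runs under Node without a browser.

```javascript
// Added illustration: names and sample data are constructed, not TweetDeck's.

// Characters that let text break out into markup in an HTML context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text so a browser displays it instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed pattern: tweet text is concatenated straight into markup, so any
// tags inside the tweet become part of the page.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><span class="user">@${tweet.user}</span> ${tweet.text}</div>`;
}

// Hardened pattern: every untrusted field is encoded at the point of output.
function renderTweetSafe(tweet) {
  return `<div class="tweet"><span class="user">@${escapeHtml(tweet.user)}</span> ${escapeHtml(tweet.text)}</div>`;
}

// Regression check: count opening tags in the rendered output. The template
// itself contributes exactly two (div and span); a tweet must never add more.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample: ordinary punctuation plus a harmless script tag.
const sample = { user: "example", text: 'I <3 "tabs" <script>alert(1)</script>' };

console.log("unsafe:", renderTweetUnsafe(sample));
console.log("  opening tags:", countOpeningTags(renderTweetUnsafe(sample)));
console.log("safe:  ", renderTweetSafe(sample));
console.log("  opening tags:", countOpeningTags(renderTweetSafe(sample)));
```

A tag count above the template's own two is the signal that tweet content reached the page as markup, which makes the check usable as a unit test around any rendering function.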

KitGuru Says: Rookie mistake, TweetDeck. How about you give Florian a nice reward for figuring out this problem for you?


One comment

  1. That's JavaScript, not HTML