September 21, 2010, updated 19 Aug 2016 10:05am

Twitter hover hack causes havoc

Site slow to plug security loophole

By Jason Stamper Blog

A security flaw in the latest version of the user interface of popular social networking site Twitter is causing havoc with the service, with the former PM’s wife Sarah Brown among the thousands who have been hit by it.

In further embarrassment for Twitter, just a week after the new user interface was launched, the bug only affects those using Twitter directly, not those who access their Twitter account via third-party sites like Tweetdeck.

Sarah Brown, who has well over a million followers on Twitter, sent a link from her Twitter account that redirected users to a hardcore pornographic website. The link will have been sent out from her account without her knowledge: hackers have been able to exploit a scripting loophole in Twitter status updates, so that when you hover your mouse over a malicious tweet a particular function can be carried out, from redirecting you to another website to sending out further messages without your knowledge, or worse.

"While most examples of the ‘onmouseover’ security flaw seem to be people playing around with code without specific malicious aim, there have already been numerous cases reported today of porn and shock site redirects, along with profile corruption and various other side effects," said Christopher Boyd, senior threat researcher at GFI Software. "While there’s a possibility that bad actors may use this to direct end-users to malware and phish pages, I’d like to think Twitter will have this under control before that happens. However, we are surprised that Twitter has not suspended the main twitter.com web site while it works on a fix."
