Mouseover flaw: Will Twitter's credibility suffer?

Will Twitter's credibility fall after the widespread but short-lived mouseover bug, or has the prevalence of the 'fail whale' already set users up to expect failure?
Written by Zack Whittaker, Contributor

It didn't last long, but it sure as hell spread. A mouseover flaw was exploited to spread messages automatically when users hovered over text containing the link, and in some cases it occurred without so much as a mouse move.

Everyone using the service from the website - twitter.com - was vulnerable. Every celebrity tweeter, every highly recognised influencer, reporter, blogger, civilian - even the wife of the former UK Prime Minister was vulnerable, spreading the code to her 1.1 million followers.

The flaw was fixed within an hour of the problem coming to light, but the 'long term effects' (which are still relatively short-lived in the world of microblogging) can still be felt.


Affected messages from those who haven't yet been able to remove them can still be seen when scrolling back through other people's tweets, though they will not cause harm, even when clicked. And even though the trending topics on the site are localised and change rapidly with the consensus of users, topics which trended perpetuated the flaw even further.

The cause of the bug appeared to be status text which resembled:

http://a.no/@"onmouseover=";$('textarea:first').val (this.innerHTML);$('.status-update-form').submit(); "class="modal-overlay"/
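Why a status of this shape becomes an event handler, shown as an added example that is not Twitter's code and not part of the original article. It assumes a simplified, hypothetical linkifier; the function names and the sample string (with the script body replaced by the inert marker HANDLER) are constructed for illustration.

```javascript
// Added illustration: a naive linkifier next to one that escapes attribute values.
// All names here are hypothetical; this is not Twitter's implementation.

// Constructed sample shaped like the status in the article; script body replaced by HANDLER.
const SAMPLE = 'look http://a.no/@"onmouseover="HANDLER"class="modal-overlay"/';

const URL_RE = /https?:\/\/\S+/g;

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak: the URL is pasted into href="..." as-is, so a double quote inside the
// "URL" closes the attribute and whatever follows is parsed as new attributes.
function linkifyNaive(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: every piece of user text is escaped for the context it lands in,
// so the quote stays inside the href value as &quot;.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Check: list the attribute names on the first <a> tag of the generated markup.
// Anything other than href means user text escaped its attribute.
function attrNames(html) {
  const tag = html.slice(html.indexOf('<a') + 2, html.indexOf('>'));
  return [...tag.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((m) => m[1]);
}

console.log('naive:', attrNames(linkifyNaive(SAMPLE)));
console.log('safe: ', attrNames(linkifySafe(SAMPLE)));
```

The same attribute-name check can run as a regression test over any template that places user text inside a quoted attribute.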

The thing that seemed to have shocked many is that, though security flaws, exploits, fast spreading worms and viruses are talked about almost constantly in the news, it rarely seems to happen to you. It even hit me out of the blue; the second that I hit 'login' on the page, my Twitter feed was overrun with retweeted messages from a number of individuals.

Using the mobile site - mobile.twitter.com - on the desktop, as described by colleague Adrian Kingsley-Hughes, allowed many to use the site without further problems.

Twitter is not frivolous, pointless, a time-waster or designed with idiots in mind. It has more users than most countries have people, and this exploit proved how quickly it can spread. Had it been something malicious that was spread in the code, the damage could have been immeasurable.

Younger users will take advantage of new tools, services and communication platforms, but all it takes is one dent to fatally knock the trust between the service and the user, and they've lost a customer. And just because we may not pay for a service does not mean the user is not still a customer.

But for the millions who use the website, which is still the most popular Twitter client, this massively public, quick-spreading exploit could well have lost them users.

Then again, considering the 'fail whale' is still a regular occurrence, Twitter users should be more accustomed to service failures and downtime than anyone.

Do you believe Twitter's credibility will suffer, or will this all be forgotten about by tomorrow?
