TweetDeck wasn't actually hacked, and everyone was silly
Twitter's popular account management service TweetDeck got nailed by the public discovery of a cross-site scripting vulnerability that not only replicated itself, but managed to make the security issue into a hilarious comedy of errors.
Twitter's popular account management service TweetDeck got nailed when a hacker discovered and announced a cross-site scripting (XSS) vulnerability, one which replicated itself and became a comedy of errors — and misreporting.
Twitter temporarily disabled TweetDeck, which it owns, until the issue was fixed, but much ridiculousness had already been unleashed by one Twitter user, an Austrian teenager calling himself "Firo," who told CNN on Wednesday he was just trying to tweet out a pink "heart" icon.
TweetDeck wasn't hacked. It was already broken
The important thing to understand is that Firo didn't "hack" TweetDeck. The bug has always been in TweetDeck, and he was simply the first to publicly point it out.
While today's antics were harmless, though embarrassing for some and inconvenient for others, other uses of this vulnerability before today were probably not so light-hearted.
It also resulted in high-profile and verified accounts — estimated at 30,000 in total, including @NYTimes and @BBCBreaking — automatically retweeting the bug, and so on.
Let the "lulz" begin
The opportunity for "lulz" was simply irresistible in security communities.
Tweetdeck announced a new "interactive tweet" feature today that opens up a new world of possibilities for what you can do with a tweet.