TweetDeck hijacked by pranksters, users receive absurd messages

By Christian Brazil Bautista Published June 13, 2014

tweetdeck hijacked pranksters users receive penis messages tweetdeck2 — Image used with permission by copyright holder

A security flaw in TweetDeck was exposed last Wednesday, causing the service to turn itself on and off over the course of a few hours. While the app was scrambling to restore service to users, hackers were having a field day, doing their best imitation of a 10-year old boy, plastering messages like “penis penis penis,” and “I love poop,” in alert boxes that took over the software.

The messages ranged from the comically inane…

Recommended Videos

Als ich #TweetDeck geöffnet habe und dieses Fenster sah, fühlte ich mich schon fast persönlich angegriffen^^ pic.twitter.com/UvQqTlKeBw

— • (@Negiert) June 11, 2014

Tweetdeck XSS pic.twitter.com/tgT9w0bZ1q

— Andreas Lindh (@addelindh) June 11, 2014

Good to know, Tweetdeck. Thanks! pic.twitter.com/YJ0qQox5Ar

— Agustina Prigoshin (@AgustinaP) June 11, 2014

To prompts that are just plain weird.

Tweetdeck is not fixed. pic.twitter.com/Zt0N5GkUFl

— Tyler Wilde (@tyler_wilde) June 11, 2014

Just like everything else in life, the disruption was also improved by some rickrollling.

hackers from 2007 are currently rickrolling ppl on TweetDeck tho pic.twitter.com/HfO03OiLjy

— Anthony B. L. Smith (@AnthonyBLSmith) June 11, 2014

According to CNNMoney, the security hole was discovered by an Austrian teenager named Florian. The vulnerability, which took advantage of TweetDeck’s cross-site scripting (XSS) capability, was exposed through the use of a heart symbol that contained a string of code. Florian said that he discovered that using “&hearts” to create a heart symbol opened a security flaw in the app that allowed people to send computer program commands through tweets.

He notified Twitter of the flaw, but pranksters were quick to take advantage of the vulnerability. One hacker even managed to create a code that caused users to auto-retweet his messages. The Twitter accounts of the New York Times and SFGate were affected by the disruption. The code for the re-tweet hack can be found below. So far, it’s been retweeted 79,000 times.

<script class=”xss”>$(‘.xss’).parents().eq(1).find(‘a’).eq(1).click();$(‘[data-action=retweet]’).click();alert(‘XSS in Tweetdeck’)</script>♥

— *andy (@derGeruhn) June 11, 2014

TweetDeck announced that the security hole was patched early on Thursday. However, some users were still reporting issues.

No, @TweetDeck is still NOT fixed. https://t.co/YM7IREhRlq is still hitting people. pic.twitter.com/nBUdkxHeg3

— Chris Pirillo (@ChrisPirillo) June 11, 2014

In a blog post, anti-virus software maker McAfee offered recommendations for dealing with the disruption. The company rattled off the usual laundry list of security measures, asking users to sign out of TweetDeck, change passwords regularly (14 characters is ideal) and to avoid third-party apps.

Topics

Twitter

Christian Brazil Bautista

Former Digital Trends Contributor

Christian Brazil Bautista is an experienced journalist who has been writing about technology and music for the past decade…

Computing

Best early Black Friday deals under $100: Amazon Echo, TVs, headphones and more

The Amazon Echo Pop on a desk.

Update 11/19/24: Black Friday is still over a week away, but you can already start your shopping with the Black Friday deals under $100 that we've gathered here. There's a possibility that these affordable items get even bigger discounts when the sale officially launches, but we won't blame you if you're already tempted by today's prices.

Black Friday will start on November 29, but if you've already got the itch to shop, check out the early Black Friday deals under $100 that we've gathered here. The offers cover smart home devices, laptops, TVs, kitchen gadgets, and so much more, so if you want to start enjoying discounts without blowing your entire budget for the shopping event, take a look at our favorite bargains below.

Mobile

The Galaxy A56 may get one of the S24 Ultra’s top features

A person using the Samsung Galaxy A55.

Samsung may be ready to change one of the long-standing negatives about its otherwise desirable Galaxy A5x series phones — the charging speed. For the Galaxy A55’s replacement, currently expected to be called the Galaxy A56, Samsung may introduce 45-watt charging speeds, a big increase over the current 25W charging, according to a report originating in China.

The source is an official-looking certificate from the Chinese government’s Quality Certification Centre (CQC) which is responsible for ensuring devices sold in China meet the required standards. The phone is listed as the SM-A5660, and seeing as the Galaxy A55’s model number is the SM-A556, it’s not much of a stretch to assume we’re looking at details of the unreleased Galaxy A56. Apparently, the phone’s maximum 10V/4.5A system equates to a 45W charging speed.

Mobile

I used a Wear OS smartwatch for the first time, and I love it

Someone wearing an Apple Watch Ultra and Pixel Watch 3 on different wrists.

Ever since the original Apple Watch, smartwatches as a whole have really taken off. Though Apple largely dominates the market, there are still plenty of non-Apple smartwatches to choose from.

I’ve been solely an Apple Watch user for the past decade, but I’ve been trying out a Google Pixel Watch 3 for the past couple of weeks. And, honestly, I kind of love it.
A round smartwatch is so much sleeker