
And so the breaches continued: Twitter’s TweetDeck Hacked

Posted June 12, 2014
3 min read

TweetDeck, the popular social media dashboard application for management of Twitter accounts, had to be temporarily shut down today, after being found vulnerable to cross-site scripting (XSS).

The incident reportedly began by accident: an Austrian teenager found that using the ♥ symbol opened a hole in TweetDeck’s software. After trying the same message a couple of times, he announced his discovery of the TweetDeck vulnerability in a tweet. By the time he had informed Twitter about it, the hacker community had already carried out a mass TweetDeck hijacking.

If you are wondering how a single tweet caused such massive disruption in the Twitter world, let us take you through a little more detail. Cross-site scripting, commonly known as XSS, refers to a weakness in the design of a website that an attacker can use to inject malicious code into a website or web application, causing it to deviate from its intended function. In this case, the XSS in TweetDeck allowed plain tweet text to be treated as JavaScript: code inserted into a tweet was executed when the tweet was viewed in a user’s TweetDeck, and retweeted itself. The result was a worm which, even though it could not force the user to follow the attacker, did considerable damage because it replicated through the simple act of viewing rather than only when clicked upon.
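The defect described above is text from one user being rendered as executable markup in another user’s client. The following is an added example, not TweetDeck’s or Twitter’s code, that contrasts the unsafe pattern (interpolating raw tweet text into HTML) with the fix (escaping every untrusted field before it reaches markup). The sample tweet, the `escapeHtml` helper and both render functions are constructed for this illustration.

```javascript
// Added example (not TweetDeck's code): rendering untrusted tweet text as inert text.

// Characters that carry meaning in HTML, mapped to their entity forms.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every HTML-significant character so the browser shows the text literally.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: raw tweet fields are dropped straight into markup, the class of bug
// behind the TweetDeck worm. Anything that looks like a tag is parsed as a tag.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><span class="author">${tweet.author}</span>: ${tweet.text}</div>`;
}

// Safe: the same template, but each untrusted field is escaped on output.
// The ♥ (and any other legitimate non-ASCII text) passes through untouched.
function renderTweetSafe(tweet) {
  return `<div class="tweet"><span class="author">${escapeHtml(tweet.author)}</span>: ${escapeHtml(tweet.text)}</div>`;
}

// Constructed sample tweet (not the real 2014 tweet): a ♥ followed by an inert script tag.
const SAMPLE_TWEET = { author: 'andy', text: '♥ <script>/* constructed, inert */</script>' };

// Show both renderings side by side when run directly.
console.log('unsafe:', renderTweetUnsafe(SAMPLE_TWEET));
console.log('safe:  ', renderTweetSafe(SAMPLE_TWEET));
```

Output encoding at the point of rendering is the fix that removes the vulnerability class, whatever the source of the text; in a real client the equivalent is assigning untrusted strings to `textContent` rather than `innerHTML`.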

Users were alerted when they started receiving strange pop-ups; meanwhile, their TweetDeck app was busy retweeting tweets from “andy” (@derGeruhn) on over 40,000 users’ systems. Efforts to un-retweet these messages resulted in an error message and had no effect on the original message.

Could this have been avoided?

Yes.

Could this have resulted in more damage?

The answer, unfortunately, is again, Yes.

As we have explained in a previous post, hackers frequently use XSS to execute scripts in the victim’s applications, which can hijack user sessions, deface websites, or redirect the user to malicious sites. This attack on TweetDeck could easily have resulted in a major brand-tarnishing episode. Quick action on Twitter’s part helped, as did the fact that the initiator informed them of the vulnerability quickly. But this is not always the case. Enterprises can prevent losses of millions, even billions, of dollars if a few steps are taken to protect a web application:

  1. Exercise caution when clicking on links that look suspicious (of course, in this case, viewing was enough to set the code in motion).
  2. Your security vendor should keep an active vigil while assessing the safety of your applications. Continuous vulnerability assessments of your applications help you find vulnerabilities and fix them before the hacker does. The flaw that was exploited in TweetDeck had existed since 2011; apparently, TweetDeck missed fixing it. A scan by IndusGuard Web/Mobile could easily have saved them from all the bad press. Indusface Web Application Security helps secure organizations’ web applications with automated and manual scanning to detect vulnerabilities. Similarly, Indusface Mobile helps secure your mobile applications from such malicious attacks and the loss of sensitive data.
  3. Add a Web Application Firewall (WAF) to your defense layers. Gartner mentioned in a recent report that any organization which owns a public website, makes internal web applications available to partners and clients, or has business-critical internal web applications should consider investing in a WAF. In the attack on TweetDeck, the tweet that started it all carried a script that simulated a press of the retweet button. A WAF could have blocked the keywords that formed the malicious script and prevented the attack altogether.
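Step 3 describes a WAF blocking the keywords that make up a malicious script before the request reaches the application. The following is an added example, not AppTrana’s or any vendor’s rule set, of the minimal form of that inspection: normalise each form field (URL-decoding repeatedly, so a double-encoded payload is seen the way the application will see it) and then match a small set of markup signatures. The request bodies, the `normalise` and `inspectRequest` functions and the signature list are all constructed for this illustration.

```javascript
// Added example (not a real WAF): signature inspection of form submissions.

// Constructed sample requests as a WAF would see them: URL-encoded field=value bodies.
const SAMPLE_REQUESTS = [
  { id: 1, body: 'status=Good+morning+%E2%99%A5' },                                  // plain text with a ♥
  { id: 2, body: 'status=%E2%99%A5+%3Cscript%3E%2F*+constructed+*%2F%3C%2Fscript%3E' }, // ♥ plus an inert script tag
  { id: 3, body: 'status=%253Cscript%253Ehello' },                                     // the same tag, percent-encoded twice
  { id: 4, body: 'status=%3Cimg+src%3Dx+onerror%3D%2F*+constructed+*%2F%3E' },         // no "script" keyword at all
];

// Decode percent-encoding until the value stops changing (bounded), so that
// %253C -> %3C -> < is caught. A malformed escape ends decoding rather than failing open.
function normalise(value, maxRounds = 3) {
  let current = value.replace(/\+/g, ' ');
  for (let i = 0; i < maxRounds; i++) {
    let decoded;
    try { decoded = decodeURIComponent(current); } catch (e) { break; }
    if (decoded === current) break;
    current = decoded;
  }
  return current;
}

// Markup that has no business in a plain status update. Matching only the word
// "script" would miss request 4, which is why event-handler attributes are listed too.
const SIGNATURES = [
  { name: 'script-tag', re: /<\s*script\b/i },
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },
  { name: 'javascript-uri', re: /javascript\s*:/i },
];

// Split the body into fields, normalise each, and return the first signature hit.
function inspectRequest(request) {
  const fields = request.body.split('&').map((pair) => {
    const idx = pair.indexOf('=');
    const name = idx < 0 ? pair : pair.slice(0, idx);
    const value = idx < 0 ? '' : pair.slice(idx + 1);
    return { name: normalise(name), value: normalise(value) };
  });
  for (const field of fields) {
    for (const sig of SIGNATURES) {
      if (sig.re.test(field.value)) {
        return { id: request.id, decision: 'block', field: field.name, reason: sig.name };
      }
    }
  }
  return { id: request.id, decision: 'allow', field: null, reason: null };
}

function inspectAll(requests = SAMPLE_REQUESTS) {
  return requests.map(inspectRequest);
}

// Print one line per request when run directly.
for (const result of inspectAll()) {
  console.log(`request ${result.id}: ${result.decision}${result.reason ? ' (' + result.reason + ')' : ''}`);
}
```

Request 1 is allowed and the other three are blocked. The point of the normalisation step is that a filter matching only the raw body would let request 3 through while the application, after decoding, would still render a script tag. Signature matching of this kind is a layer in front of the application, not a replacement for the output encoding that removes the vulnerability itself.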

Even though Twitter has announced that the security issue affecting TweetDeck has been fixed, the probability that the bug gave hackers access to your login credentials is quite high. It is therefore a good idea to change your password for TweetDeck and for any other account where you reused the same password.

Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.


Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.
