Tweetdeck Got Hacked Today And An Austrian Teenager Has Taken Credit

Update: A 19-year-old has taken responsibility for the attack, which he reportedly triggered accidentally.

By
Ryan Broderick
by Ryan Broderick

BuzzFeed News Reporter

and
Rachel Zarrell
by Rachel Zarrell

BuzzFeed Staff

Updated 4:23 p.m. ET

Tweetdeck was hacked Wednesday morning, with many users seeing strange pop-ups while using the service.

p @pali7x

I disagree. #loli #tweetdeck #twitter

Reply Retweet Favorite
J. M. @gutfella

Benutzt jemand #tweetdeck und hat heute folgendes gesehen?

Reply Retweet Favorite

The hack came about because basically there was a vulnerability in the Tweetdeck code that stops Javascript from becoming text.

Bruno Skvorc @bitfalls

Uhhh... what? #tweetdeck

Reply Retweet Favorite

Which means people can us cross-site scripting or XSS to make your Tweetdeck say things to you, like "penis" for instance.

@Negiert

Als ich #TweetDeck genet habe und dieses Fenster sah, fühlte ich mich schon fast persönlich angegriffen^^

Reply Retweet Favorite

The hack was reportedly brought about by a 19-year-old Austrian computer geek named Florian, who was trying to use a heart symbol like this "♥" loaded with a string of code.

His tweet translates roughly to "I wonder if this will work."

Firo Xl @firoxl

Ob das wohl funktioniert: Test ♥

Reply Retweet Favorite

It did work, and the teen, who had less than 100 followers, found a little-known flaw in the system, The Verge reports:

[T]he tags did their job and the heart symbol, which Twitter would normally mangle, came through TweetDeck just fine, indicating the service was executing commands from plaintext. @FiroXL wasn't aware of the initial vulnerability, discovered back in 2011, but he had accidentally stumbled back onto it.

Arthur Frayn @_d3f

Bug found by @firoxl :-) #XSS #Tweetdeck

Reply Retweet Favorite

Florian (who prefers to go by Firo, and withheld his last name for privacy reasons) told CNN he was just messing around and didn't mean to find the opening in Tweetdeck's software.

"It wasn't a hack. It was some sort of accident," he said.

Firo added a heart to a bunch of tweets as an experiment, eventually creating a pop-up on his own dashboard.

He then announced, "Vulnerability discovered in TweetDeck. \ o /"

Though he told Twitter about the vulnerability, the hacker community had already noticed. That's when the mass hijacking proceeded.

Tweetdeck continued to have problems throughout the day.

TweetDeck @TweetDeck

We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up.

Reply Retweet Favorite

The XSS bug might have enabled hackers to access your login credentials and it wouldn't be too hard for them to get into your email, so it's probably a good idea to change your password.

Anthony B. L. Smith @AnthonyBLSmith

hackers from 2007 are currently rickrolling ppl on TweetDeck tho

Reply Retweet Favorite
Skip to footer