Twitter users hit by nasty JavaScript mouseover hack

Microblogging site Twitter has been hit by a JavaScript exploit capable of redirecting followers to third-party websites if they so much as move their cursor over the tweet.

Twitter is currently in the midst of a catastrophic storm of techno-japery, which allows third-party websites to open pages and pop-ups in your browser.

Anyone viewing Twitter online using the Web client at Twitter.com will no doubt be seeing bizarre blocks of colour (so-called 'rainbow tweets'), blacked-out messages or strings of garbled nonsense.

Just rolling your cursor over these odd tweets can cause all manner of madness, from tweets being posted from your own account, to pop-ups springing on to your screen, redirecting you to pornographic or malware sites.

Essentially this is an exploit that uses Twitter's own code to mischievous ends. Graham Cluley, senior technology consultant at Sophos, told us that the exploit started as a way for users to have fun -- creating colourful blocks of text or pop-up messages out of their tweets. With a little tinkering, however, the same code can be used to redirect users to all manner of other sites, and automatically tweet from a user's account.

The blame for this craziness surely lies with Twitter. Cluley told us, "You would have hoped that Twitter would have excised all JavaScript from people's tweets."

Sarah Brown, wife of the former British prime minister, has notably been affected by the attack -- a tweet from her account redirects her one million followers to a Japanese porn site.

If you stay away from the Web version you should be safe, so if you can, we recommend using a third-party client such as TweetDeck to handle your tweeting for now. We'll let you know more as it happens, but we're particularly keen to see Twitter's official statement on the matter...

Update: Twitter's status page says that the flaw has been fixed, so you should be safe to use the Web version again. There's no official statement as yet from the company, however.

Update 2: Twitter has now published a blog post on its site explaining what went wrong and confirming that everything is back to normal on the Web service.

About the author

Luke Westaway is a senior editor at CNET and writer/presenter of Adventures in Tech, a thrilling gadget show produced in our London office. Luke's focus is on keeping you in the loop with a mix of video, features, expert opinion and analysis.
