Twitter security flaw hits thousands of users

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Have something you have to tweet this morning? You might want to stay away from Twitter.com.

Thousands of Twitter users are dealing with what seems to be a security flaw that is causing messages and third-party websites to pop up on the page when users “mouse over” posted links on the popular messaging site. The outside content appears even if users don’t click on the links.

[Updated at 7:21 a.m.: Twitter said it had identified and patched the flaw and was urging users to message @safety in the future with information about problems. ‘We expect the patch to be fully rolled out shortly and will update again when it is,’ the company posted on its status blog.]

Third-party applications such as Tweet Deck and Tweetie appear to be unaffected. Users can delete problematic posts with those applications.

Graham Cluley, a researcher at security firm Sophos, wrote on his blog that the more than 1 million Twitter followers of Sarah Brown, wife of former British Minister Gordon Brown, had already encountered the glitch. Her Twitter page has redirected visitors to a hard-core porn site based in Japan.

Hackers could likely take advantage of the bug, directing users to ‘third-party websites containing malicious code, or for spam advertising pop-ups to be displayed,’ Cluley wrote. But he wasn’t sure whether the flaw would harm computers, saying that ‘it looks like many users are currently using the flaw for fun and games.’

-- Tiffany Hsu