Twitter apologizes after users hit by 'mouseover' attack

Twitter apologized to its millions of users on Tuesday after hackers exploited a security hole and wreaked havoc on the microblogging service.

Bob Lord, a member of Twitter's security team, said no account information was compromised in the attack, dubbed the "mouseover bug" because it was spread by users scrolling over infected links with a computer mouse.

The bug opened pop-up windows in Web browsers, linked some users to porn websites, or automatically generated the short messages known as "tweets" from a user's account.

San Francisco-based Twitter said the attack began around 2:30 am California time (0930 GMT) and was brought under control four-and-a-half hours later.

But not before thousands of users saw bizarre strings of computer code in their incoming message feed and inadvertently passed them on to other users in their list of followers.

The infected links looked like regular messages but contained lines of random computer code or were completely blacked out like a message that has been redacted.

Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over 1.1 million followers on Twitter, and White House press secretary Robert Gibbs, who has 97,000 followers.

"My Twitter went haywire," Gibbs wrote on @presssec. "Paging the tech guys."

"Don't know what everyone else got, but my bug sent me an advert for a weight loss program - as if that would work!" Brown joked at @sarahbrownuk.

Twitter's Lord explained the attack in a blog post, saying it was caused by cross-site scripting (XSS), which involves placing code from an untrusted website into another one.

"In this case, users submitted javascript code as plain text into a tweet that could be executed in the browser of another user," he said.

Lord said Twitter had patched up a similar issue last month but it resurfaced as the result of a recent site update.

He said the initial attack involved pop-up boxes which appeared when a Twitter user hovered over an infected link with their mouse.

"Other users took this one step further and added code that caused people to retweet the original tweet without their knowledge," he said.

Lord stressed there was no need for Twitter users to change passwords "because user account information was not compromised through this exploit."

"We apologize to those who may have encountered it," he said.

Graham Cluley of computer security firm Sophos said that in Sarah Brown's case her Twitter page tried to redirect visitors to a porn site in Japan.

Cluley said the hackers behind the attacks exploited the security hole "for fun and games."

"But there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," he said.

Gibbs, the White House spokesman, told reporters the incident had not made him reconsider using Twitter.

"From time to time, I have no doubt that there will be those that want to gum up the system and things like that," he said. "I don't hesitate to continue to use it."

Without technology "we'd all be writing on - yes, parchment, or we'd be sending letters in the mail as press releases, which we used to do not too long ago," he said. "So, it's the vagaries of doing business."

Twitter, which allows users to pepper one another with messages of 140 characters or less, has over 145 million registered users firing off more than 90 million tweets a day, co-founder Evan Williams said recently.

Twitter unveiled a major redesign of its website a week ago that is being slowly rolled out to users of the service across the globe. The company said the attack was not connected to Twitter's revamp.

PROMOTED VIDEO
Life and Style
ebookNow available in paperback
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
News
people
Sport
footballArsenal 2 Borussia Dortmund 0: And they can still top the group
News
Andy Murray with his girlfriend of nine years, Kim Sears who he has got engaged to
peopleWimbledon champion announces engagement to girlfriend Kim Sears
Arts and Entertainment
Jake Quickenden and Edwina Currie are joining the I'm A Celebrity...Get Me Out Of Here! camp
tv
Arts and Entertainment
George Mpanga has been shortlisted for the Critics’ Choice prize
music
News
Albert Camus (left) and Jean-Paul Sartre fell out in 1952 and did not speak again before Camus’s death
people
Arts and Entertainment
Roisin, James and Sanjay in the boardroom
tvReview: This week's failing project manager had to go
News
Ed Miliband visiting the Holocaust museum in Jerusalem. The Labour leader has spoken more openly of his heritage recently
newsAttacks on the Labour leader have coalesced around a sense that he is different, weird, a man apart. But are the barbs more sinister?
Arts and Entertainment
'Felfie' (2014) by Alison Jackson
photographyNew exhibition shows how female creatives are changing the way women are portrayed in advertising
News
i100
Extras
indybest
Life and Style
Fright night: the board game dates back to at least 1890
life
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Junior Web Developer / App Developer

    Negotiable: Recruitment Genius: This is an opportunity to join one of the UK's...

    Argyll Scott International: Financial Accounting Manager

    £300 - £400 per day: Argyll Scott International: I am currently recruiting on ...

    SThree: Associate Recruitment Consultant

    £18000 - £23000 per annum + OTE: SThree: SThree are seeking Associate Recruitm...

    Ampersand Consulting LLP: Server Engineer/ Systems Engineer (Windows Server, Networking)

    £23000 - £27000 per annum + Benefits: Ampersand Consulting LLP: Server Enginee...

    Day In a Page

    Cameron, Miliband and Clegg join forces for Homeless Veterans campaign

    Cameron, Miliband and Clegg join forces for Homeless Veterans campaign

    It's in all our interests to look after servicemen and women who fall on hard times, say party leaders
    Millionaire Sol Campbell wades into wealthy backlash against Labour's mansion tax

    Sol Campbell cries foul at Labour's mansion tax

    The former England defender joins Myleene Klass, Griff Rhys Jones and Melvyn Bragg in criticising proposals
    Nicolas Sarkozy returns: The ex-President is preparing to fight for the leadership of France's main opposition party – but will he win big enough?

    Sarkozy returns

    The ex-President is preparing to fight for the leadership of France's main opposition party – but will he win big enough?
    Is the criticism of Ed Miliband a coded form of anti-Semitism?

    Is the criticism of Miliband anti-Semitic?

    Attacks on the Labour leader have coalesced around a sense that he is different, weird, a man apart. But is the criticism more sinister?
    Ouija boards are the must-have gift this Christmas, fuelled by a schlock horror film

    Ouija boards are the must-have festive gift

    Simon Usborne explores the appeal - and mysteries - of a century-old parlour game
    There's a Good Girl exhibition: How female creatives are changing the way women are portrayed in advertising

    In pictures: There's a Good Girl exhibition

    The new exhibition reveals how female creatives are changing the way women are portrayed in advertising
    UK firm Biscuiteers is giving cookies a makeover - from advent calendars to doll's houses

    UK firm Biscuiteers is giving cookies a makeover

    It worked with cupcakes, doughnuts and macarons so no wonder someone decided to revamp the humble biscuit
    Can SkySaga capture the Minecraft magic?

    Can SkySaga capture the Minecraft magic?

    It's no surprise that the building game born in Sweden in 2009 and now played by millions, has imitators keen to construct their own mega money-spinner
    The King's School is way ahead of the pack when it comes to using the latest classroom technology

    Staying connected: The King's School

    The school in Cambridgeshire is ahead of the pack when it comes to using the latest classroom technology. Richard Garner discovers how teachers and pupils stay connected
    Christmas 2014: 23 best women's perfumes

    Festively fragrant: the best women's perfumes

    Give a loved one a luxe fragrance this year or treat yourself to a sensual pick-me-up
    Arsenal vs Borussia Dortmund: Alex Oxlade-Chamberlain celebrates century with trademark display of speed and intuition

    Arsenal vs Borussia Dortmund

    The Ox celebrates century with trademark display of speed and intuition
    Billy Joe Saunders vs Chris Eubank Jnr: When two worlds collide

    When two worlds collide

    Traveller Billy Joe Saunders did not have a pampered public-school upbringing - unlike Saturday’s opponent Chris Eubank Jnr
    Homeless Veterans Christmas Appeal: Drifting and forgotten - turning lives around for ex-soldiers

    Homeless Veterans Christmas Appeal: Turning lives around for ex-soldiers

    Our partner charities help veterans on the brink – and get them back on their feet
    Putin’s far-right ambition: Think-tank reveals how Russian President is wooing – and funding – populist parties across Europe to gain influence in the EU

    Putin’s far-right ambition

    Think-tank reveals how Russian President is wooing – and funding – populist parties across Europe to gain influence in the EU
    Tove Jansson's Moominland: What was the inspiration for Finland's most famous family?

    Escape to Moominland

    What was the inspiration for Finland's most famous family?