Twitter apologizes after users hit by 'mouseover' attack

Twitter apologized to its millions of users on Tuesday after hackers exploited a security hole and wreaked havoc on the microblogging service.

Bob Lord, a member of Twitter's security team, said no account information was compromised in the attack, dubbed the "mouseover bug" because it was spread by users scrolling over infected links with a computer mouse.

The bug opened pop-up windows in Web browsers, linked some users to porn websites, or automatically generated the short messages known as "tweets" from a user's account.

San Francisco-based Twitter said the attack began around 2:30 am California time (0930 GMT) and was brought under control four-and-a-half hours later.

But not before thousands of users saw bizarre strings of computer code in their incoming message feed and inadvertently passed them on to other users in their list of followers.

The infected links looked like regular messages but contained lines of random computer code or were completely blacked out like a message that has been redacted.

Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over 1.1 million followers on Twitter, and White House press secretary Robert Gibbs, who has 97,000 followers.

"My Twitter went haywire," Gibbs wrote on @presssec. "Paging the tech guys."

"Don't know what everyone else got, but my bug sent me an advert for a weight loss program - as if that would work!" Brown joked at @sarahbrownuk.

Twitter's Lord explained the attack in a blog post, saying it was caused by cross-site scripting (XSS), which involves placing code from an untrusted website into another one.

"In this case, users submitted javascript code as plain text into a tweet that could be executed in the browser of another user," he said.

Lord said Twitter had patched up a similar issue last month but it resurfaced as the result of a recent site update.

He said the initial attack involved pop-up boxes which appeared when a Twitter user hovered over an infected link with their mouse.

"Other users took this one step further and added code that caused people to retweet the original tweet without their knowledge," he said.

Lord stressed there was no need for Twitter users to change passwords "because user account information was not compromised through this exploit."

"We apologize to those who may have encountered it," he said.

Graham Cluley of computer security firm Sophos said that in Sarah Brown's case her Twitter page tried to redirect visitors to a porn site in Japan.

Cluley said the hackers behind the attacks exploited the security hole "for fun and games."

"But there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," he said.

Gibbs, the White House spokesman, told reporters the incident had not made him reconsider using Twitter.

"From time to time, I have no doubt that there will be those that want to gum up the system and things like that," he said. "I don't hesitate to continue to use it."

Without technology "we'd all be writing on - yes, parchment, or we'd be sending letters in the mail as press releases, which we used to do not too long ago," he said. "So, it's the vagaries of doing business."

Twitter, which allows users to pepper one another with messages of 140 characters or less, has over 145 million registered users firing off more than 90 million tweets a day, co-founder Evan Williams said recently.

Twitter unveiled a major redesign of its website a week ago that is being slowly rolled out to users of the service across the globe. The company said the attack was not connected to Twitter's revamp.

Life and Style
ebookNow available in paperback
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Guru Careers: Software Tester / QA Engineer

    £23 - 28k (DOE) + Benefits: Guru Careers: A Software Tester / QA Engineer is n...

    Guru Careers: C# Project Team Lead

    £55 - 65k (DOE): Guru Careers: A unique opportunity for a permanent C# Develop...

    Guru Careers: Graduate Editor / Editorial Assistant

    £16 - 20k: Guru Careers: A Graduate Editor / Editorial Assistant is needed to ...

    Guru Careers: Software Developer / C# Developer

    £40-50K: Guru Careers: We are seeking an experienced Software / C# Developer w...

    Day In a Page

    Abuse - and the hell that came afterwards

    Abuse - and the hell that follows

    James Rhodes on the extraordinary legal battle to publish his memoir
    Why we need a 'tranquility map' of England, according to campaigners

    It's oh so quiet!

    The case for a 'tranquility map' of England
    'Timeless fashion': It may be a paradox, but the industry loves it

    'Timeless fashion'

    It may be a paradox, but the industry loves it
    If the West needs a bridge to the 'moderates' inside Isis, maybe we could have done with Osama bin Laden staying alive after all

    Could have done with Osama bin Laden staying alive?

    Robert Fisk on the Fountainheads of World Evil in 2011 - and 2015
    New exhibition celebrates the evolution of swimwear

    Evolution of swimwear

    From bathing dresses in the twenties to modern bikinis
    Sun, sex and an anthropological study: One British academic's summer of hell in Magaluf

    Sun, sex and an anthropological study

    One academic’s summer of hell in Magaluf
    From Shakespeare to Rising Damp... to Vicious

    Frances de la Tour's 50-year triumph

    'Rising Damp' brought De la Tour such recognition that she could be forgiven if she'd never been able to move on. But at 70, she continues to flourish - and to beguile
    'That Whitsun, I was late getting away...'

    Ian McMillan on the Whitsun Weddings

    This weekend is Whitsun, and while the festival may no longer resonate, Larkin's best-loved poem, lives on - along with the train journey at the heart of it
    Kathryn Williams explores the works and influences of Sylvia Plath in a new light

    Songs from the bell jar

    Kathryn Williams explores the works and influences of Sylvia Plath
    How one man's day in high heels showed him that Cannes must change its 'no flats' policy

    One man's day in high heels

    ...showed him that Cannes must change its 'flats' policy
    Is a quiet crusade to reform executive pay bearing fruit?

    Is a quiet crusade to reform executive pay bearing fruit?

    Dominic Rossi of Fidelity says his pressure on business to control rewards is working. But why aren’t other fund managers helping?
    The King David Hotel gives precious work to Palestinians - unless peace talks are on

    King David Hotel: Palestinians not included

    The King David is special to Jerusalem. Nick Kochan checked in and discovered it has some special arrangements, too
    More people moving from Australia to New Zealand than in the other direction for first time in 24 years

    End of the Aussie brain drain

    More people moving from Australia to New Zealand than in the other direction for first time in 24 years
    Meditation is touted as a cure for mental instability but can it actually be bad for you?

    Can meditation be bad for you?

    Researching a mass murder, Dr Miguel Farias discovered that, far from bringing inner peace, meditation can leave devotees in pieces
    Eurovision 2015: Australians will be cheering on their first-ever entrant this Saturday

    Australia's first-ever Eurovision entrant

    Australia, a nation of kitsch-worshippers, has always loved the Eurovision Song Contest. Maggie Alderson says it'll fit in fine