Twitter apologizes after users hit by 'mouseover' attack

Twitter apologized to its millions of users on Tuesday after hackers exploited a security hole and wreaked havoc on the microblogging service.

Bob Lord, a member of Twitter's security team, said no account information was compromised in the attack, dubbed the "mouseover bug" because it was spread by users scrolling over infected links with a computer mouse.

The bug opened pop-up windows in Web browsers, linked some users to porn websites, or automatically generated the short messages known as "tweets" from a user's account.

San Francisco-based Twitter said the attack began around 2:30 am California time (0930 GMT) and was brought under control four-and-a-half hours later.

But not before thousands of users saw bizarre strings of computer code in their incoming message feed and inadvertently passed them on to other users in their list of followers.

The infected links looked like regular messages but contained lines of random computer code or were completely blacked out like a message that has been redacted.

Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over 1.1 million followers on Twitter, and White House press secretary Robert Gibbs, who has 97,000 followers.

"My Twitter went haywire," Gibbs wrote on @presssec. "Paging the tech guys."

"Don't know what everyone else got, but my bug sent me an advert for a weight loss program - as if that would work!" Brown joked at @sarahbrownuk.

Twitter's Lord explained the attack in a blog post, saying it was caused by cross-site scripting (XSS), which involves placing code from an untrusted website into another one.

"In this case, users submitted javascript code as plain text into a tweet that could be executed in the browser of another user," he said.

Lord said Twitter had patched up a similar issue last month but it resurfaced as the result of a recent site update.

He said the initial attack involved pop-up boxes which appeared when a Twitter user hovered over an infected link with their mouse.

"Other users took this one step further and added code that caused people to retweet the original tweet without their knowledge," he said.
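The mechanism Lord describes, tweet text reaching another user's browser without output encoding so that it runs on hover, is shown below as an added example that is not Twitter's code. The page does not give the exact defect, so the unescaped link renderer, the function names and the sample tweet are constructed assumptions.

```javascript
// Added illustration; not Twitter's code. All names and the sample are constructed.
const URL_RE = /https?:\/\/\S+/g;
const SAMPLE = 'hi http://example.test/"onmouseover="alert(1)"'; // constructed tweet

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for HTML body text or a double-quoted attribute value.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ENTITIES[c]);
}

// Weak form: the matched URL is pasted into the markup as-is, so a double
// quote inside it ends the href value and the rest is parsed as new attributes.
function renderTweetVulnerable(text) {
  return text.replace(URL_RE, url => `<a href="${url}">${url}</a>`);
}

// Hardened form: every piece of user text is encoded for the context it
// lands in (body text or attribute value) before it is joined to the markup.
function renderTweetSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: list any on* event-handler attributes present in the
// rendered tags. Output built from user text should never contain one.
function eventHandlerAttrs(html) {
  const found = [];
  for (const tag of html.match(/<[a-zA-Z][^>]*>/g) || []) {
    for (const m of tag.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)) {
      if (/^on/i.test(m[1])) found.push(m[1].toLowerCase());
    }
  }
  return found;
}

console.log('vulnerable:', eventHandlerAttrs(renderTweetVulnerable(SAMPLE)));
console.log('hardened:  ', eventHandlerAttrs(renderTweetSafe(SAMPLE)));
```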

Lord stressed there was no need for Twitter users to change passwords "because user account information was not compromised through this exploit."

"We apologize to those who may have encountered it," he said.

Graham Cluley of computer security firm Sophos said that in Sarah Brown's case her Twitter page tried to redirect visitors to a porn site in Japan.

Cluley said the hackers behind the attacks exploited the security hole "for fun and games."

"But there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," he said.

Gibbs, the White House spokesman, told reporters the incident had not made him reconsider using Twitter.

"From time to time, I have no doubt that there will be those that want to gum up the system and things like that," he said. "I don't hesitate to continue to use it."

Without technology "we'd all be writing on - yes, parchment, or we'd be sending letters in the mail as press releases, which we used to do not too long ago," he said. "So, it's the vagaries of doing business."

Twitter, which allows users to pepper one another with messages of 140 characters or less, has over 145 million registered users firing off more than 90 million tweets a day, co-founder Evan Williams said recently.

Twitter unveiled a major redesign of its website a week ago that is being slowly rolled out to users of the service across the globe. The company said the attack was not connected to Twitter's revamp.
