Alert: Twitter Mouseover Hack

If you’ve logged into Twitter today via their website, it might be a good idea to change your password. I’d also strongly recommend accessing Twitter through a third-party client like TweetDeck or another service. Surprisingly, there isn’t anything on the Twitter Status Blog, but it appears that Twitter has been hit by a “mouseover” hack that’s causing people to tweet and retweet the same hack over and over again. If you would like to read more about the hack, Sophos has an article that explains the flaw.

In simple English, hackers have exploited a security flaw within Twitter that lets a tweet carry JavaScript mouseover commands, so that people who hover over the link are redirected to other websites or replicate the message. Interestingly, the tweet shows as a block of text, like information on a redacted document. Also, as I learned this morning, the current hack appears to put giant letters over top of the Twitter interface.
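To make the class of flaw concrete, here is an added example (not Twitter's code and not from the original post) of a tweet linkifier with and without output escaping. It assumes the bug is an unescaped double quote inside a link's `href` attribute; the function names and the sample tweet are constructed for illustration.

```javascript
// Added example: constructed names and sample input, not Twitter's code.
// Constructed tweet: the "URL" carries a double quote and an event handler.
const SAMPLE_TWEET = 'look http://example.com/@"onmouseover="demo()"/ now';
const URL_RE = /https?:\/\/\S+/g;

// Escape the characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the matched URL is pasted into href="" unescaped, so a double
// quote inside it closes the attribute and the rest is parsed as new attributes.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened: escape both the surrounding text and the URL before it is
// placed in the attribute value and in the link text.
function linkifySafe(tweet) {
  let out = "";
  let last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow noopener">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Review check: attribute names a parser would see on the first <a> tag.
// Only name="value" pairs are counted, so text inside a quoted value is ignored.
function anchorAttributes(html) {
  const tag = (html.match(/<a\s[^>]*>/) || [""])[0];
  return [...tag.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((m) => m[1].toLowerCase());
}

console.log(anchorAttributes(linkifyUnsafe(SAMPLE_TWEET))); // href plus an injected handler
console.log(anchorAttributes(linkifySafe(SAMPLE_TWEET)));   // only the attributes we wrote
```

The same attribute check works as a regression test for any renderer that turns user text into links: the output tag should never contain an attribute the renderer did not write itself.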

I’m sure more folks will write better explanations of what is currently going on, but as of now it’s best to stay off the main Twitter site, or access it through a third-party application, which appears to block the mouseover hack. As irresistible as it may seem, please don’t click on any tweets blocked out with color, but if you do, please use a third-party client to change your password as soon as possible.

