Twitter’s Tweetdeck client was shut down for a period after a “cross-site scripting” (XSS) vulnerability was discovered that left millions of users open to having their accounts hijacked. While Twitter initially announced that the flaw had been fixed, it later took down the service for around an hour.
Tweetdeck provides users with a web- or app-based interface enabling them to monitor multiple searches and manage more than one account. Among users affected by the security flaw were the BBC Breaking News account and MP Ed Miliband.
In theory, such a flaw could have left accounts vulnerable to being taken over, allowing hackers to post tweets, follow and unfollow people, and more. Twitter’s normal web interface and other apps that use Twitter’s API do not seem to have been affected, and no security warnings were issued for these services. Twitter suffered a similar vulnerability in September 2010 that was discovered by an Australian teenager.