Bloomberg the Company

Bloomberg Anywhere Login

Bloomberg

Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.

Company

Financial Products

Enterprise Products

Media

Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000

Follow Us

Industry Products

Twitter Hurt by Security Flaw After Site Is Attacked

Don't Miss Out —
Follow us on:

Sept. 21 (Bloomberg) -- Twitter Inc.’s website was impaired by a security flaw that caused people to unwillingly resend messages posted by other users and directed them to third-party sites, including ones that feature pornography.

Twitter subscribers described the flaw in posts on the site, and it affected the account of White House press secretary Robert Gibbs. San Francisco-based Twitter said in postings that it identified an attack and “fully patched” it.

The flaw affected subscribers when they moved their mouse over infected short messages, or tweets, causing an embedded code to execute and creating messages that directed people to third-party sites, said Graham Cluley, a consultant at Sophos Plc, an Abingdon, England-based computer-security firm. It stemmed from a vulnerability that lets people post scripts -- a type of software code -- into tweets, he said.

“From time to time, I have no doubt that there will be those that want to gum up the system and things like that,” Gibbs said at his regular White House briefing today. “I don’t hesitate to continue to use it.”

Cluley said the vulnerability spread widely among Twitter users. “It’s a problem and it’s widespread. It’s like someone has just thrown gas over a fire,” he said. He estimated that 100,000 people or more were affected.

People who use third-party client software to access Twitter, such as TweetDeck and Seesmic, were unaffected, he said. Origins of the attack aren’t yet known, he said.

To contact the reporter on this story: Arik Hesseldahl in New York at ahesseldahl@bloomberg.net

To contact the editor responsible for this story: Tom Giles at tgiles5@bloomberg.net.

Please upgrade your Browser

Your browser is out-of-date. Please download one of these excellent browsers:

Chrome, Firefox, Safari, Opera or Internet Explorer.