Twitter Under Attack! Mouseover Exploit (Update: Fixed)


Well, it doesn't surprise me or any Twitter user that platforms like Twitter are full of holes waiting to be exposed. If you currently use the Twitter website to tweet, don't be surprised if you see random strings or addresses being auto-tweeted.

http://"onmouseover="document.getElementById('status').value='RT Levo75';$('.status-update-form').submit();

As it turns out, Twitter is being exploited by an HTML/JS exploit that is spreading like wildfire (well, not really). Since the majority of Twitter users don't know anything about exploits or security, the numbers will only increase from here.

Right now, if you want to use Twitter, I would recommend using a third-party client like TweetDeck. It would also be wise to stay away from the site. Even if you only hover your mouse over the link, it will still trigger.

Use NoScript and block access to Twitter. The bug, or whatever you like to call it, uses JavaScript.

Happy tweeting guys 😀

Update: Twitter says they have found the bug and have patched it.

We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again when it is.
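
Why a string shaped like the one quoted above becomes an XSS, and what the output-escaping fix looks like, as an added example that is not from the original post or from Twitter. It assumes the page built links by pasting the URL into an href attribute without escaping the quote character (the post does not show Twitter's actual code); linkifyNaive, linkifySafe, escapeHtml and eventHandlerAttrs are hypothetical names, and the sample input is constructed with an inert handler body.

```javascript
// Added example (not Twitter's code); all function names are hypothetical.
const URL_RE = /https?:\/\/\S+/gi;

// Escape for HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// VULNERABLE: the matched URL is pasted into href="..." unescaped, so a '"'
// inside it closes the attribute and the rest is parsed as new attributes.
function linkifyNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// HARDENED: every piece of user text is escaped for the context it lands in.
function linkifySafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const u = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index));
    out += `<a href="${u}" rel="nofollow">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: list the on* attributes found on any tag in rendered HTML.
function eventHandlerAttrs(html) {
  const found = [];
  const tagRe = /<[a-z][a-z0-9]*\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  const attrRe = /([^\s"'=<>\/]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
  for (const tag of html.matchAll(tagRe)) {
    for (const attr of tag[1].matchAll(attrRe)) {
      if (/^on/i.test(attr[1])) found.push(attr[1].toLowerCase());
    }
  }
  return found;
}

// Constructed sample: same shape as the string in the post, inert handler body.
const SAMPLE = 'RT http://example.test/"onmouseover="noop()';

console.log(linkifyNaive(SAMPLE));                    // href closes early, handler attribute appears
console.log(eventHandlerAttrs(linkifyNaive(SAMPLE)));
console.log(linkifySafe(SAMPLE));                     // quote stays inside href as &quot;
console.log(eventHandlerAttrs(linkifySafe(SAMPLE)));
```

A check like eventHandlerAttrs fits in a rendering test suite, so that any template change which lets user text create an attribute fails the build.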

