TMCnet - World's Largest Communications and Technology Community




Internet Security Featured Article

September 21, 2010

Twitter Security Loophole Allows Hackers to Run Amuck

By Beecher Tuttle, TMCnet Contributor


Early this morning, hackers took advantage of a security flaw on Twitter’s website that allowed them to automatically tweet malicious code and redirect users to unwanted third-party destinations, including pornography websites. Officials with Twitter became aware of the loophole a few hours after it had first been exploited and have said that it is now safe for users to log back into their accounts.

The tens of thousands of individuals who accessed their Twitter accounts early on Tuesday were welcomed with a series of strange links and HTML code. When users ran their mouse over these bizarre tweets, pop-ups were activated and unintended messages were sent and received. Some Twitter subscribers were even redirected to a series of adult websites.

Several media outlets are reporting that the attacks were made possible by a security loophole that was left open by Twitter. Apparently, the website unintentionally allowed JavaScript to be included in tweets.

“Because this JavaScript is embedded in pages on, it has free and unfettered access to other website features, including the ability to send tweets,” wrote Peter Bright of “This allows embedded JavaScript to propagate itself further, hence forming the basis of today's worms that saw many tens of thousands of tweets sent automatically.”
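One general defence against script reaching a page through tweet text is to HTML-encode that text when it is rendered. The code below is an added example, not Twitter's code and not part of the original article: it assumes a hypothetical renderer that wraps tweet text in a paragraph and links URLs, and the function names and the sample tweet are constructed for illustration.

```javascript
// Added example: a hypothetical tweet renderer, not Twitter's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can open a tag or entity, or close a quoted attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: user text is concatenated into markup unchanged, so any tag or
// event-handler attribute inside the tweet becomes live page content.
function renderTweetUnsafe(text) {
  return '<p class="tweet">' + text + '</p>';
}

// Hardened form: split the text into URL and non-URL pieces and encode every
// piece before it is placed in element content or inside the href attribute.
function renderTweetSafe(text) {
  const urlPattern = /https?:\/\/[^\s<>"']+/g; // http(s) only; stops at quotes and brackets
  let html = '';
  let last = 0;
  for (const match of text.matchAll(urlPattern)) {
    html += escapeHtml(text.slice(last, match.index));
    const url = escapeHtml(match[0]);
    html += '<a href="' + url + '" rel="nofollow noopener">' + url + '</a>';
    last = match.index + match[0].length;
  }
  return '<p class="tweet">' + html + escapeHtml(text.slice(last)) + '</p>';
}

// Review helper: list the tag names a browser would treat as real markup.
function liveTags(html) {
  return Array.from(html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Constructed sample tweet carrying a mouseover handler and a URL with a query string.
const SAMPLE = 'look <b onmouseover="alert(1)">here</b> http://example.com/a?x=1&y=2';

console.log(liveTags(renderTweetUnsafe(SAMPLE))); // the tweet's own <b> tag is live
console.log(liveTags(renderTweetSafe(SAMPLE)));   // only the renderer's <p> and <a> remain
console.log(renderTweetSafe(SAMPLE));
```

With the hardened renderer the handler text is displayed as literal characters instead of being parsed as an attribute, so hovering over the tweet runs nothing.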

Many industry experts, including Sophos senior technology consultant Graham Cluley, believe that the attacks were very preventable and should have been flagged by Twitter soon after they began occurring.

"It's pretty widespread and has left some major egg on the face of Twitter," Cluley told FoxNews. "It shouldn't be possible to plant JavaScript code like this into your tweets."

The attacks on Twitter’s website affected a broad range of subscribers, including several high-profile political figures. Those who accessed the feed of Sarah Brown, wife of former British Prime Minister Gordon Brown, were redirected to a pornographic website. Meanwhile, White House Press Secretary Robert Gibbs was forced to send out an apology tweet to his followers, noting that his account went “haywire.”

Twitter spokeswoman Carolyn Penner said that the issue is “fully patched” and is no longer exploitable.

Beecher Tuttle is a Web Editor for TMCnet. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.

Edited by Beecher Tuttle
