We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,773 News Articles

Twitter hack sees third-party websites opened without clicking links

Use third-party clients to access micro-blogging service

Hackers have exploited a flaw in Twitter, which results in pop-ups and third-party websites being opened despite users simply hovering over links with their mouse.

Hundred of Twitter users, including Sarah Brown - wife of the former Labour Prime Minister Gordon Brown – have fallen victim to the attack. In some cases the third-party websites that are open are pornographic.

The malicious links contain Javascript code, called onMouseOver, which allows users to redirected, even if they haven't clicked on the link.

Graham Cluely from security firm Sophos said in a blog that at present the flaw is being exploited for "fun and games" although "there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed".

"Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk," he added.

Cluley advised Twitter users to avoid using the Twitter website and instead rely on a third-party client such as Tweetdeck to access the service.

At around 2:50pm this afternoon (GMT), Twitter's @Safety feed posted the following message, suggesting that the problem was solved:

"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit."

See also: Twitter's new homepage: what the critics said


IDG UK Sites

Samsung Galaxy Alpha vs iPhone 5S comparison review: Metal smartphones fight

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Fonts review

IDG UK Sites

Best Mac? Complete Apple Mac buyers guide for 2014