Twitter came under attack on Tuesday as hackers exploited a security flaw to wreak havoc on the micro-blogging service.
Computer security firms said thousands of users, or more, were affected by the bug, which appears to send out or “re-tweet” messages simply by rolling over an infected link with the computer mouse.
Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over one million followers on Twitter, and White House press secretary Robert Gibbs.
“My Twitter went haywire — absolutely no clue why it sent that message or even what it is … paging the tech guys,” Gibbs wrote on @presssec.
Twitter said it had identified the attack and was working on a solution.
“We expect the patch to be rolled out shortly and will update again when it is,” the San Francisco-based service said in a brief statement on its website.
‘Potential for cyber-criminals’
Security expert Graham Cluley of computer security firm Sophos said the bug only affected users of the Twitter.com website, not third-party programs developed to access the popular micro-blogging service.
Cluley said the bug was allowing messages to pop-up and third-party websites to open in a web browser including links to pornography sites.
He said that in Sarah Brown’s case her “Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan”.
“It looks like many users are currently using the flaw for fun and games,” Cluley said.
“But there is obviously the potential for cyber-criminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed,” he said. “Hopefully Twitter will shut down this loophole as soon as possible.”
The infected links look like regular messages, or “tweets”, but contain lines of random computer code or are completely blacked out like a message that has been redacted.
Twitter, which allows users to pepper one another with messages of 140 characters or less, has more than 145-million registered users, co-founder Evan Williams said recently. — AFP