Twitter fixes mouse security exploit on Twitter.com

Some Twitter users took advantage of an exploit on Twitter.com that could launch unwanted pop-up windows and send visitors to third-party websites without their permission, reports the antivirus firm Sophos. To trigger the exploit, other users merely had to mouse over a link.

Twitter’s Safety account mentioned that it was aware of the exploit earlier this morning, and it announced that it was fixed shortly after.

According to Sophos Senior Technology Consultant Graham Cluley, thousands of Twitter accounts featured the exploit. Those include Sarah Brown, wife of the former British Prime Minister, who has over one million Twitter followers. Her account was apparently hacked. Cluley created a short video demonstrating the various ways the exploit was used.

To be clear, the exploit only affected Tweets on Twitter.com. Users of third-party Twitter clients like TweetDeck were in the clear. The news comes only a week after Twitter began rolling out a new version of Twitter.com.

As Twitter co-founder Evan Williams mentioned last week, when he unveiled the company’s new website design, most people experience the service through Twitter.com. 78 percent of active Twitter users have used the website in the past month — more than other clients combined.

It’s good that Twitter resolved the issue quickly, but it will need to be extra vigilant about issues on Twitter.com in the future. With its improvements, even more users are going to rely on the website instead of using a third-party client.

