Twitter fixes flaw after cyber attack

Twitter, which allows users to broadcast short messages of 140 characters or fewer, was flooded with tweets by users who complained on the homepage under such topic headings as "Twitter got hacked."

It said that no user information was compromised.

A tweet from Twitter's safety chief at around 10:30 a.m. EDT (1430 GMT) said the attack had been "fully patched" and that hackers could no longer exploit the flaw. "We don't believe any user info was compromised."

Twitter's website was hijacked on Tuesday by users who exploited a security flaw that allowed messages to pop up and third-party websites to open when a user moved his or her mouse over a link, according to security technology company Sophos.

Sophos, which has no formal business relationship with Twitter, said the messages had spread without users' consent.

"It was pretty bad -- we saw it hitting thousands of people a minute," said Graham Cluley, a Sophos technology consultant who was not involved in fixing Tuesday's problem. "The worst we saw was it was redirecting some users to a Japanese porn site."

Such security glitches make some users about the safety of popular social media sites like Twitter and Facebook. Both sites have been attacked in the past. The ability of users to share easily videos, photos and other content also makes it easy to spread computer viruses in a short time.

Twitter had reported a security flaw in April 2009, which it fixed at the time after several attacks.

Cluley said Twitter should have higher security measures on its website.

"It should have been easy to stop this in the first place," said Cluley.

Users of third-party Twitter applications like TweetDeck and Twhirl appear not to have been affected by the flaw.

Four-year-old Twitter has more than 145 million users and is now signing up an average of 370,000 new users a day.

It increasingly challenges established Web giants Yahoo Inc and Google Inc for consumers' online time.

DH Newsletter Privacy Policy Get top news in your inbox daily
Comments (+)