If you’re a TweetDeck user you might have noticed a slight outage of Twitter’s platform yesterday evening. Since everything is back and working at the moment (we checked and so have they), Twitter has fixed the problem but the downtime was the result of a security vulnerability that could have allowed some users to execute malicious code through tweets, potentially spreading to other accounts by retweeting themselves through TweetDeck or performing undesirable actions on an account.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.
— TweetDeck (@TweetDeck) June 11, 2014
It seems that the exploit didn’t get out of hand, with Twitter shutting down TweetDeck when a security fix didn’t work right off the bat. The service was turned back on as soon as the problem was corrected.
Tech website The Verge reports that the security vulnerability may have been kickstarted by a young Austrian Twitter user who was messing around with his account and accidentally discovered the exploit. Once he stumbled onto the XSS (cross-site scripting) bug, he notified TweetDeck but there were several instances of other users taking advantage of the fault before Twitter stepped in.
According to The Verge the user said “This was an accident. I didn’t want to make this public. I didn’t want to do anything bad.”