Warning: Twitter Security Flaw - UPDATED
Experts are saying users should stay away from twitter.com until the problem is fixed. At this time (early morning) there has been no word from Twitter. I expect something to show up on the Twitter blog at some point that will explain what they are doing (or did) to stop the problem.
A new Twitter security flaw has been widely exploited on thousands of Twitter accounts, redirecting users to third-party websites without their consent.
The bug is particularly nasty because it works on mouseover only, meaning pop-ups and third-party websites can open even if you just move your mouse over the offending link.
The security flaw caught many people by surprise, including Sarah Brown, the wife of the former British Prime Minister, according to Graham Cluley's blog post "Twitter 'onmouseover' security flaw widely exploited."
It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed.
Perhaps because of Mrs. Brown's name being attached to the issue, the European version of TechCrunch is posting frequent updates to its story about the security flaw. One of their updates says,
"As we said, third party apps using the Twitter API won’t reproduce the mouseover exploit, so they are safest right now. It also appears that users of the New Twitter interface (mostly in North America) do not have the same problem."
I've been visiting twitter.com more than usual lately, waiting to get a look at the new Twitter, and working to get a Twitter list of the women in web education going. Until we hear that this security flaw has been fixed, I intend to stay away from twitter.com. I suggest you do too.
UPDATED: According to @safety, this problem has been fixed by Twitter.
Photo Credit: Abigail Silvester