Twitter users have been hit with a barrage of cyber attacks, following the discovery of a vulnerability in the firm's popular Tweetdeck service.
The first signs of the attack appeared late on Wednesday when a number of accounts suddenly started tweeting garbled code.
Tweetdeck responded quickly on Twitter, acknowledging that it had been breached and temporarily shutting down the web version of the service.
A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix. - TweetDeck (@TweetDeck), June 11, 2014
Tweetdeck came back online hours later reporting that it had fixed the flaw and that the service is once again safe to use. No guidance was issued on whether users should change their account passwords.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience. - TweetDeck (@TweetDeck), June 11, 2014
Webroot director George Anderson said the attacks used a cross-site scripting (XSS) exploit to break into the Twitter accounts.
"Cross-site scripting or XSS is a type of exploit that usually works in a website or a web application. It allows the attacker to run a script on the user's device, which makes an XSS vulnerability so dangerous," he said.
"The script is able to send any sensitive information accessible from within the browser back to the hacker, so a potential attacker can gain access to the user's private information - such as passwords, usernames and card numbers."
The extent and impact of the attacks remain unknown, although Zscaler vice president of security research Michael Sutton said it is likely that several groups exploited the flaw.
"In this case Twitter user @firoxl accidentally uncovered the flaw when looking for a way to post an emoticon and others quickly piled on, using the flaw to force automated retweets," he said.
Anderson from Webroot warned that the nature of the flaw is particularly troubling as data stolen during the cyber raids could be used for follow-up attacks. He advised users to take action to protect themselves.
"Because XSS steals the cookie sign-on information, users should get rid of all saved passwords, as well as sign in again on a secure browser session and change their log-ins. It's also best not to use Tweetdeck as long as it remains infected," he said.
Tweetdeck is one of many popular services to be hit with cyber attacks this week. Evernote and Feedly were targeted with distributed denial of service attacks on Wednesday.