Twitter users have been hit with a barrage of cyber attacks, following the discovery of a vulnerability in the firm's popular Tweetdeck service.
The first signs of the attack appeared late on Wednesday when a number of accounts suddenly started tweeting garbled code.
Tweetdeck responded quickly on Twitter, acknowledging that it had been breached and temporarily shutting down the web version of the service.
A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix. — TweetDeck (@TweetDeck) June 11, 2014
Tweetdeck came back online hours later reporting that it had fixed the flaw and that the service is once again safe to use. No guidance was issued on whether users should change their account passwords.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience. — TweetDeck (@TweetDeck) June 11, 2014
Webroot director George Anderson said the attacks used a cross-site scripting (XSS) exploit to break into the Twitter accounts.
"Cross site scripting or XSS is a type of exploit that usually works in a website or a web application. It allows the attacker to run a script on the user's device, which makes an XSS vulnerability so dangerous," he said.
"The script is able to send any sensitive information accessible from within the browser back to the hacker, so a potential attacker can gain access to the user's private information - such as passwords, usernames and card numbers."
The extent and impact of the attacks remain unknown, although Zscaler vice president of security research Michael Sutton said it is likely that several groups exploited the flaw.
"In this case Twitter user @firoxl accidentally uncovered the flaw when looking for a way to post an emoticon and others quickly piled on, using the flaw to force automated retweets," he said.
Anderson from Webroot warned that the nature of the flaw is particularly troubling as data stolen during the cyber raids could be used for follow-up attacks. He advised users to take action to protect themselves.
"Because XSS steals the cookie sign-on information, users should get rid of all saved passwords, as well as sign in again on a secure browser session and change their log-ins. It's also best not to use Tweetdeck as long as it remains infected," he said.
Tweetdeck is one of many popular services to be hit with cyber attacks this week. Evernote and Feedly were targeted with distributed denial of service attacks on Wednesday.