
Explainer: How Tweetdeck made a balls of things in 12 easy steps

It wasn’t hacked. And you don’t need to change your password.

YESTERDAY TWEETDECK WAS shut down for a time after a major security flaw was discovered.

Users of the Twitter client (which is owned by Twitter) began seeing random pop-up windows and retweets on their accounts, and a shout went out across the internet:



Tweetdeck wasn’t hacked. It just made a balls of things. Here’s how…

1. A guy in Austria decided to tweet a cute little emoticon

A heart emoticon to be precise.


His name is @Firoxl and he successfully tweeted the heart using HTML code.

2. So what’s the big deal?

@Firoxl had exposed a flaw in the system. He had discovered that, using code, anyone could insert computer programme commands via a Tweetdeck tweet.

The flaw is called cross-site scripting, and it’s always been possible to do it in Tweetdeck; just not enough people ever noticed before.

Tweetdeck made a balls of things.
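
What pasting tweet text straight into a page looks like beside the escaped form, as an added example (not Tweetdeck's code and not part of the original article). The function names and sample tweets are constructed for illustration, with `&hearts;` standing in for a heart tweeted using HTML code.

```javascript
// Hypothetical names throughout; this is an illustration, not Tweetdeck's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape every character that can start an entity or a tag, or close an
// attribute. '&' is in the same pass, so nothing is escaped twice.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed pattern: tweet text is concatenated into the page's HTML, so the
// browser parses whatever the tweet's author typed.
function renderTweetUnsafe(tweet) {
  return '<p class="tweet">' + tweet.text + '</p>';
}

// Hardened pattern: tweet text is escaped first, so it is displayed as
// characters and never parsed as markup.
function renderTweetSafe(tweet) {
  return '<p class="tweet">' + escapeHtml(tweet.text) + '</p>';
}

// Defender's check: would a browser read any part of this text as an entity
// or a tag if it were inserted unescaped? A lone '&' or '<' does not count.
function containsMarkup(text) {
  return /&(#\d+|#x[0-9a-f]+|[a-z][a-z0-9]*);|<\/?[a-z!]/i.test(text);
}

// Constructed sample tweets.
const samples = [
  { text: 'I &hearts; columns' },                 // entity: a rendered heart is the tell
  { text: '<script>/* placeholder */</script>' }, // tag: would be parsed as code
  { text: 'Tea & biscuits, 3 < 4' },              // ordinary text, must stay readable
];

for (const tweet of samples) {
  console.log(containsMarkup(tweet.text), renderTweetSafe(tweet));
}
```

If a heart appears on screen where the user typed the entity, the client is parsing tweet text as HTML, and tags will be parsed the same way.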


3. @Firoxl did the responsible thing

He told Tweetdeck and Twitter, and thousands of other people. As CNN reports, he tweeted:

Vulnerability discovered in TweetDeck. \ o /

The hacker community soon caught on. Step in *Andy.

4. Who?

*Andy (@derGeruhn on Twitter) caught on to the Tweetdeck vulnerability and tweeted this out:


His tweet contained code which ordered it to be retweeted by other accounts (including yours truly’s account) and so the mayhem began.

5. And why did people see odd pop ups?

The cross-site scripting flaw discovered by @Firoxl meant that any cheeky divil exploiting the flaw could cause pop-ups to appear. While *Andy’s message was the most prevalent in terms of automatic retweets, other people saw things like:

6. Some pretty big accounts were affected

Like BBC News, with its 10.1 million followers.


7. Tweetdeck soon copped on

8. And so did everyone else

9. And soon people began copping on to Tweetdeck’s big boo-boo, and taking the pi**

10. Tweetdeck fixed everything and said sorry


11. *Andy gained a whole heap of followers

12. And you don’t need to change your Tweetdeck password

Just log in and log out again to make sure the update is in place.

