The Twitter Website Is Under Attack

Twitter is all screwed up at the moment, thanks to a new security hole that’s currently spreading like wildfire across the service. A JavaScript exploit is causing visitors of Twitter’s website to inadvertently retweet spam, just by hovering over tweets.


The exploit takes advantage of the Javascript function onMouseOver, enticing users with colorful blocks of text and then retweeting those messages automatically when the block is moused over. In some cases the links launch pop up windows, in others users are being directed to spam and porn sites.

Reader Mike sent a video of the exploit in action. As soon as he moves his cursor from the toolbar to the body of the page, it retweets the exploit and attempts to send a Direct Message.

Third party apps are safe from the bug, but because the exploit spreads by users merely hovering over links, visiting the Twitter website right now almost guarantees that you’ll inadvertently retweet one of the messages. [Sophos]

The original version of the story appears here.

Gizmodo is dedicated to gadgets, gizmos, and cutting-edge consumer electronics. Its tech-hungry audience stops by frequently to check out the newest products and recommendations for laptops, cell phones, PDAs, digital cameras, home entertainment, and other shiny new toys. Widely viewed as an authority in tech media, Gizmodo publishes breaking news and reviews 60 times per weekday.