Update: Tweetdeck has taken down the service to assess the vulnerability that was used in today’s attack.
TweetDeck, a popular tool for Twitter power users, has announced that it has fixed the XSS vulnerability used in a hack that took place this morning and that users should log out and log back in to complete the fix on their end.
A cross-site scripting vulnerability makes it possible to trick your browser into running outside code. The only option available to protect yourself was to close out of the TweetDeck web app (or Chrome extension), which forced power users to make a tough decision:
The vulnerability was mostly used to force pop-ups onto people’s screens as in the image above. But had the vulnerability remained open long, the hacker taking advantage of it could have taken over user accounts. We’re keeping an eye out, but so far we haven’t seen any evidence that accounts were actually compromised in the attack.