The worm that wreaked havoc on Twitter's website was apparently reintroduced by accident.
As Twitter wrote in its blog post, “We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.”
The bug reportedly had been public knowledge since August 23, when it was patched in the open-source text processing library used by Twitter.
According to the company blog, “A user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this as an ‘onMouseOver’ flaw — the exploit occurred when someone moused over a link.”
“Other users took this one step further and added code that caused people to retweet the original Tweet without their knowledge,” added the blog post.
Twitter, however, has assured users that they need not change their passwords as no user account information has been compromised.
Twitter’s website was hijacked on Tuesday by users who exploited a security flaw that allowed messages to pop up and third-party websites to open when a user moved his or her mouse over a link, according to security technology company Sophos.
Sophos said the messages had spread without users’ consent.
Four-year-old Twitter has more than 145 million users and is now signing up an average of 370,000 new users a day. It increasingly challenges established Web giants Yahoo Inc and Google Inc for consumers’ online time.