How Twitter Was Hacked

September 22, 2010, By Jeff.Orloff


Twitter suffered from an XSS attack that led users to a third-party website.

As most people know, Twitter was hacked the other day. As a result of the hack, visitors to Twitter’s site were redirected to porn sites when the victim simply hovered over a malicious link in certain tweets. Fortunately for mobile device users, accessing Twitter through third-party applications did not subject them to this attack.

What Twitter suffered from was a Cross-Site Scripting attack (or XSS). This occurs when an attacker finds a site that does not properly sanitize user-supplied input and inserts malicious code that the website then serves to its other visitors. Commonly, this is done through comments, uploads, or anywhere else a user is allowed to insert content that ends up in the page. Keep in mind that not all sites allow code to be inserted into areas like their comment fields or through image uploads.
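The following added example is not from the original post and is not Twitter's own code; it is a constructed illustration of the mechanism described above. It assumes a Twitter-like feature that turns URLs in a message into clickable links. The vulnerable renderer concatenates the URL straight into an `href` attribute, so a double quote inside the URL ends the attribute early and whatever follows is parsed as further attributes (here a hover handler, which is how a mouse-over can trigger script). The hardened renderer HTML-encodes every piece of user data for the context it lands in. The `unexpected_attributes` check is the kind of regression test a defender would keep: it parses the rendered HTML and reports any attribute other than the `href` the template intended.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample message: the "URL" carries a double quote followed by an
# event-handler attribute. Nothing here is taken from the incident itself.
SAMPLE_TWEET = 'look at this http://example.com/"onmouseover="alert(1)'

# Simplistic URL matcher (assumption: a real linkifier is stricter).
URL_RE = re.compile(r'https?://\S+')


def linkify_unsafe(text: str) -> str:
    """Vulnerable rendering: user data is concatenated into an attribute
    value and into element text without any encoding."""
    return URL_RE.sub(lambda m: f'<a href="{m.group(0)}">{m.group(0)}</a>', text)


def linkify_safe(text: str) -> str:
    """Hardened rendering: every user-controlled fragment is HTML-escaped.
    quote=True also encodes '"' and "'", which is what keeps the value
    inside the href attribute."""
    out = []
    last = 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[last:m.start()]))  # text before the URL
        safe_url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{safe_url}">{safe_url}</a>')
        last = m.end()
    out.append(html.escape(text[last:]))  # trailing text
    return "".join(out)


class _AttrCollector(HTMLParser):
    """Records (tag, attribute-name) pairs for every start tag seen."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend((tag, name) for name, _value in attrs)


def unexpected_attributes(rendered: str) -> list[tuple[str, str]]:
    """Return every attribute that the template did not intend to emit.
    For this template the only legitimate attribute is <a href>; anything
    else means user data escaped its intended context."""
    parser = _AttrCollector()
    parser.feed(rendered)
    parser.close()
    return [(tag, name) for tag, name in parser.attrs if (tag, name) != ("a", "href")]


if __name__ == "__main__":
    for name, render in (("unsafe", linkify_unsafe), ("safe", linkify_safe)):
        out = render(SAMPLE_TWEET)
        print(f"{name}: {out}")
        print(f"  unexpected attributes: {unexpected_attributes(out)}")
```

Running the block shows the unsafe output carrying a separate `onmouseover` attribute on the anchor, while the safe output keeps the whole string inside the `href` value as `&quot;`-encoded text and the check reports nothing. The important design point is that encoding is applied at output time, per context, rather than by trying to filter "code" out of the input.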

Of course, Twitter has the luxury of having programmers on hand to find the vulnerability and patch it up rather quickly. And that’s exactly what they did. For smaller sites, being vulnerable to such an attack could prove to be costly, as they would need to hire security specialists to handle the clean-up tasks for them.

With estimates of 63 percent of all flaws in web applications being cross-site scripting vulnerabilities, this type of attack will continue to be used to exploit websites around the globe.
