Hacked Info

Hacking Information – The Security Blog

27 Aug 2009
Tweet, tweet…a bug in your post
Posted in Hacking by admin at 9:48 am | No Comments »

If you are a regular on Twitter and follow other people’s tweets, look out for this one. There is a bug in Twitter’s application programming interface (API) which lets corrupt or malicious JavaScript code tiptoe into your tweets. This means that your login account is not completely secure: your account can be compromised and your information taken over.

This cross-site scripting (XSS) vulnerability has crept into Twitter because of an inherent weakness in the social networking site. TweetDeck, TwitterFox and HootSuite, the applications that allow users to post tweets to Twitter, do not automatically filter the uniform resource locator (URL) of the program from which a tweet is posted. This means that whenever users post tweets carrying such URLs, they expose their Twitter accounts to the possibility of hacking. So anyone with a decent understanding of back-end application development can write a Twitter “application” and lure unsuspecting Twitter users into interacting with it.
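The weakness described above is the classic shape of a stored XSS: a field that a third-party application controls (here, the application’s name and link) is placed into the page without filtering. The following is an added example, not code from the original post or from Twitter or any of the named clients; the function names, the `hostileApp` and `benignApp` records and their field values are all constructed for illustration. It shows a renderer that trusts the application-supplied fields verbatim beside one that validates the URL scheme and escapes the display text before building the link.

```javascript
// Added example (not from the original post): rendering a tweet's "source
// application" link unsafely versus safely. All names and inputs are constructed.

// Escape the characters that change meaning in HTML text and attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Accept only absolute http(s) URLs. Any other scheme (javascript:, data:, ...)
// or an unparsable value falls back to a harmless placeholder.
function safeHttpUrl(url) {
  try {
    const u = new URL(String(url));
    if (u.protocol === "http:" || u.protocol === "https:") return u.href;
  } catch (_) {
    // unparsable input: fall through to the placeholder
  }
  return "#";
}

// Vulnerable renderer: trusts the application-supplied name and URL verbatim,
// which is the pattern the post describes.
function renderSourceLinkUnsafe(app) {
  return '<a href="' + app.url + '">' + app.name + '</a>';
}

// Hardened renderer: validate the URL scheme and escape both fields for the
// context they land in (attribute value and element text).
function renderSourceLinkSafe(app) {
  return '<a href="' + escapeHtml(safeHttpUrl(app.url)) + '" rel="nofollow">' +
         escapeHtml(app.name) + '</a>';
}

// Constructed sample records: one registered "application" whose fields carry
// markup and a script-scheme link, and one benign client.
const hostileApp = {
  name: 'MyClient<script>alert(document.cookie)</script>',
  url: 'javascript:alert(document.cookie)',
};
const benignApp = { name: "TweetDeck", url: "https://tweetdeck.example/" };

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe :", renderSourceLinkUnsafe(hostileApp));
  console.log("safe   :", renderSourceLinkSafe(hostileApp));
  console.log("benign :", renderSourceLinkSafe(benignApp));
}
```

The safe renderer does two independent things: it decides what the link is allowed to point at (an allow-list of schemes, not a deny-list), and it encodes the text for the exact HTML context it is inserted into. Either step on its own leaves a hole; together they turn the hostile record into an inert link with a visible, harmless name.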

Also, social networking sites like Twitter provide a target-rich environment for planting malware or hijacking user accounts. Since a large number of Twitter accounts have “followers”, it is very easy for hackers and dubious code to spread into multiple user accounts.

This XSS bug was first reported in a blog post by James Slater. The post revealed that this bug can be used to run arbitrary code on the machines of users who unsuspectingly visit a Twitter account. Once a compromised account is viewed by an unsuspecting user, the hacker’s JavaScript is pulled in, and the hacker can in turn change the profile and steal the authentication cookies.

This cross-site scripting code is another major weakness in the Web 2.0 service. Twitter’s bug arises from weaknesses in the API that allow hackers to write code for standalone applications which read and send messages over the Twitter network.
