WASHINGTON – Twitter said Wednesday it briefly took down its popular TweetDeck application to view and manage messages because of a security flaw, which prompted some calls to stop using the program.
Some experts said the vulnerability could be exploited by hackers, and reports cited instances of people’s TweetDeck accounts hijacked on the Chrome browser.
The popular messaging platform said it discovered “a security issue that affected TweetDeck” and temporarily took the service offline, telling users: “Please log out of TweetDeck and log back in to fully apply the fix.”
After a period of confusion and complaints about the fix not working, Twitter announced, “We’ve verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.”
Independent security analyst n said the issue was “a potentially serious security flaw” and added, “It is easy to imagine how someone could take advantage of it with malicious purposes.”
“In my opinion, TweetDeck isn’t safe to use until the flaw has been fixed,” Cluley said in a blog post.
“So you need to quit TweetDeck right now, and revoke its access to your Twitter account.”
It was not immediately clear if Twitter’s fix had patched the flaws in the browser versions of the program.
Earlier, City University of New York journalism professor Jeff Jarvis tweeted that his account appeared to have been compromised and that Twitter’s advice failed to work.
“Goddamnit, @twitter: 1. Impossible to sign out of Tweetdeck when it’s taken over 2. Killing app, reinstalling & signing in does NADA,” he said.
Founded in 2008 by Iain Dodsworth, Tweetdeck is a favorite of heavy Twitter users, allowing them to view “tweets” in various different ways and to organize their messages into columns — features not offered on the multiblogging platform’s own website.
Twitter bought Tweetdeck in 2011. It had been an independent application until that point.
Two other Web services targeted
Unknown hackers also took down two Web services — the online note-taking firm Evernote and the RSS news site Feedly.
Evernote said on its status page that a denial of service attack began late Tuesday and that most of its services were restored Wednesday.
Feedly said hackers were seeking “to extort us money to make it stop,” and added: “We refused to give in and are working with our network providers to mitigate the attack as best as we can.”
Feedly gained in popularity when Google ended its Reader service, which provided news updates from a variety of websites.
Cluley praised Feedly to refusing the extortion.
“It’s right not to give in to the blackmailers who are essentially running an extortion racket,” he said.
“The danger of paying DDoS blackmailers is that you’re only encouraging them to attack you more, perhaps increasing their financial demands next time.”