
Twitter hit by security exploit

UPDATE 21/09/10, 15:20 BST: Twitter's head of Trust and Safety has said that the mouse-over exploit that caused havoc on the micro-blogging site earlier today has now been patched.

For more details, read our latest article here.


UPDATE 21/09/10, 13:25 BST: The recently discovered security exploit has been reported as prompting the outbreak of a worm that can infect users' PCs, replicating itself and sending out more infected tweets.

Twitter users accessing the site via the service's own web interface are advised not to roll their mouse over any tweet containing dotted link underlines, or with its characters blocked out in black or other coloured bars.

So far, Android, iOS and third-party Twitter clients are reported to be unaffected, but extreme caution is urged.

Twitter has so far given no indication as to how - or when - it will fix the security hole.


Users of micro-blogging site Twitter are being targeted by pranksters exploiting a security flaw that enables pop-up messages to appear, or third-party web sites to open in the user's browser, when the user moves their mouse over a link.

Thousands of messages taking advantage of the flaw have already been reported.

The flaw will be a major embarrassment for Twitter, which last week launched, to great fanfare, its 'New Twitter' interface, which uses the automatic pop-up feature to display video and other content from within the main Twitter window.

So far the exploit appears only to have been used for fun, but security expert Graham Cluley of Sophos warned on his blog that the exploit could soon be used by criminals to direct users to websites containing malicious code.

The exploit takes advantage of the onMouseOver JavaScript code in Twitter, and has also been used to create tweets that contain blocks of colour - already nicknamed 'rainbow tweets'.
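As an added illustration (not code from this article or from Twitter), the check below audits rendered tweet markup for inline event handlers such as onMouseOver, the mechanism named above. The allowlist policy, the `audit` helper and the sample fragments are assumptions constructed for this example.

```python
from html.parser import HTMLParser

# Assumed policy for this example (not Twitter's real markup): rendered
# tweet text may contain only <a> links carrying these attributes.
ALLOWED = {"a": {"href", "rel", "class"}}
SAFE_SCHEMES = ("http://", "https://")


class TweetMarkupAuditor(HTMLParser):
    """Collects policy violations found in one rendered tweet fragment."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so onMouseOver
        # and ONMOUSEOVER are both seen here as "onmouseover".
        if tag not in ALLOWED:
            self.findings.append(("tag", tag, ""))
            return
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                # Inline handlers run script on hover, with no click needed.
                self.findings.append(("event-handler", name, value))
            elif name not in ALLOWED[tag]:
                self.findings.append(("attribute", name, value))
            elif name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                self.findings.append(("href-scheme", name, value))


def audit(fragment):
    """Return a list of (kind, name, value) violations for an HTML fragment."""
    auditor = TweetMarkupAuditor()
    auditor.feed(fragment)
    auditor.close()
    return auditor.findings


# Constructed samples, not captured tweets.
SAMPLES = {
    "clean": '<a href="https://example.test/a" rel="nofollow">example.test/a</a>',
    "mouseover": '<a href="https://example.test/" onMouseOver="placeholder()">link</a>',
    "styled": '<a href="https://example.test/" style="background:#000">x</a>',
}

if __name__ == "__main__":
    for label, html in SAMPLES.items():
        print(label, audit(html))
```

Run over the output of a rendering pipeline, an empty result means the fragment stayed within the allowlist; any finding marks markup that should have been escaped before display.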

Users are advised to exercise caution over tweets from users that they don't know.