If you ever see a Twitter pop-up message that looks like the following:
RUN! Close down your browser, turn off your computer, do not pass “Go”, do not collect $200!
Why such panic? Because, if you ever see a pop-up similar to that above, it may not be as innocuous as the one created by the guys over at Dave Naylor’s blog. In fact, someone with half an ounce of tech savvy could
…make a Twitter ‘application’ and start sending tweets with it. Using the simple instructions below, it can be arranged so that if another Twitter user so much as sees one of these tweets – and they are logged in to Twitter – their account could be taken over.
Yikes!
Twitter confirmed that the exploit had been fixed, but apparently no one over at Twitter thought to contact Naylor’s team to learn exactly how they exploited the web interface, because even after the fix, they replicated it.
If you’re using a third-party application to send and read Tweets, you should be safe. Other advice includes:
- If you’re not logged in to Twitter, there’s no opportunity to steal your details or impersonate you, however malicious code could still send you to other websites or otherwise annoy you, so it doesn’t completely fix the problem.
- Unfollow anyone you don’t know or don’t trust that could be exploiting this. Who’s to say they’re not already stealing your details? If you don’t see their tweets they can’t harm you.
Let’s hope that Twitter gets a real fix in place soon.
