Tweetdeck hit by XSS vulnerability - comment from George Anderson, Director at Webroot
June 2014 by George Anderson, Director at Webroot
Cross site scripting or XSS is a type of exploit that usually works in a website or a web application. It allows the attacker to run a script on the users device, which makes XSS vulnerability so dangerous. The script is able to send any sensitive information accessible from within the browser back to the hacker, so a potential attacker can gains access to the user’s private information – such as passwords, usernames and card numbers.
As Tweetdeck is a web app, signing out might help to contain the infection, as long as users devices are not already infected. Because XSS steals the cookie sign-on information, users should get rid of all saved passwords, as well as sign-in again on a secure browser session and change their login-ins. It’s also best not to use Tweetdeck as long as it remains infected.