under attack!

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link.

UPDATE: The flaw has been patched. Thanks Vasu.

It appears that in some cases the Twitter pages have been messed with in an attempt to redirect visitors to a hardcore adult site based in Japan.

Thousands of Twitter accounts have posted messages exploiting the flaw.

It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed.

Hopefully Twitter will shut down this loophole as soon as possible – disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk.

Do not use Twitter website currently! Right now you might be safer using a third-party Twitter client rather than the website, advises Sophos.

Posted by with Tags
Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. He enjoys following and reporting Microsoft news and developments in the world of Personal Computing & Social Media.


  1. This bug is exploting twitter web UI, Stop using twitter web UI for now. ANd use any twitter client.

  2. twitter bug patched—- XSS attack identified and patched.

Leave a Reply

Your email address will not be published. Required fields are marked *

7 + 7 =