TweetDeck back online, questionable security flaw fix in place

Hackers are after you

TweetDeck

Update 2: TechRadar staffers are reporting TweetDeck's fix isn't working, meaning logging in and logging out won't protect you from someone retweeting from your account, or worse.

We suggest staying clear of TweetDeck, revoking access to your Twitter if you have it set up, and changing your password (just to be safe) until we get official word all is well.

Update 1: TweetDeck access is back, according to a tweet the beleaguered service sent after an hour-plus security kerfuffle.

"We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience," TweetDeck wrote.

It's unclear whether users must log in, log out and finally log back in to apply "our security fix," one that supposedly keeps hackers who can supplant JavaScript code at bay.

We've asked TweetDeck to confirm if that's the case or not, but we suggest you do so just to be safe.

Original article below...

TweetDeck has been taken offline in order to address a security issue, and users can't log into the service (Update: It's back!).

The development comes after the tweet-posting web app had advised users to log out and log back in to apply a fix to a security vulnerability. If you're still in TweetDeck, get out now.

An XSS security vulnerability was spotted earlier in the day, a flaw that potentially gave hackers access to users accounts when they were logged in, according to Mashable. Users on Chrome seemed to be the only ones affected.

Damn pop-ups

As noted by The Verge, the vulnerability lets hackers remotely access JavaScript code and implant their own.

So far attackers seem to be sticking to annoying pop-up windows and spamming retweets, but they could potentially do much worse damage.

Again, only users of the TweetDeck web application on Chrome seem to be affected, but it's advisable to log out of the service no matter where you're accessing it.

When asked for comment, a Twitter spokesman told TechRadar it directing people to the @TweetDeck tweets coming out about the situation.