There Was a New Twitter Exploit and It Was Spreading Like Wildfire

Twitter is seriously screwed up at the moment, thanks to a new JavaScript exploit that's currently slamming the service. Visitors to Twitter's website are inadvertently retweeting spam and porn to their followers just by hovering over tweets. UPDATE: Patched

Update: As of 9:50, Twitter says "The exploit is fully patched."

The exploit takes advantage of the JavaScript onMouseOver event handler, enticing users with colorful blocks of text—"rainbow tweets"—and then retweeting those messages automatically when the block is moused over. In some cases the links launch pop-up windows; in others, users are directed to spam and porn sites. Update: Commenter RawheaD points out that one variant turns the whole browser window into a MouseOver area, so putting your mouse anywhere in the window will trigger a retweet.
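The root of a worm like this is tweet text reaching the page without being escaped for the HTML context it lands in, so a quote in the text can close an attribute and start an onmouseover= handler of its own. The following is an added example, not Twitter's code and not from the article: a context-aware escaper for tweet text, a renderer that uses it, and a heuristic detector a moderation or logging pipeline could run over raw tweet text. The renderTweet markup, the function names and the sample tweets are assumptions constructed for the example.

```javascript
// Added example (not from the article or from Twitter): context-aware HTML
// escaping of tweet text, plus a detector for inline event-handler attributes.
// Assumption: tweet text is inserted both into an element's text content and
// into a quoted attribute value (here a title attribute), the two places where
// an unescaped quote lets user text break out into markup.

// Escape the five characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Render a tweet into markup. Every user-controlled value is escaped for the
// context it lands in, so a quote in the text cannot close the attribute and
// inject an onmouseover= handler.
function renderTweet(author, text) {
  return '<div class="tweet" title="' + escapeHtml(text) + '">' +
    '<b>' + escapeHtml(author) + '</b> ' + escapeHtml(text) + '</div>';
}

// Detection heuristic for a moderation or logging pipeline: does the raw tweet
// text look like an inline event-handler attribute (onmouseover=, onload=, ...)?
// It is a coarse signal for review, not a replacement for output escaping.
const EVENT_HANDLER_RE = /\bon[a-z]+\s*=/i;
function looksLikeEventHandlerInjection(text) {
  return EVENT_HANDLER_RE.test(text);
}

// Constructed sample tweets (not real tweets): one benign, one carrying an
// attribute break-out whose handler body is an inert comment.
const BENIGN = 'Lunch was great, on my way home';
const SUSPECT = 'x" onmouseover="/* constructed, inert */" style="color:red';

// Run both defences over the samples and report what they concluded.
function demo() {
  const html = renderTweet('someone', SUSPECT);
  return {
    // after escaping, no on*=" attribute can appear in the rendered markup
    noHandlerInMarkup: !/on[a-z]+="/i.test(html),
    benignFlagged: looksLikeEventHandlerInjection(BENIGN),
    suspectFlagged: looksLikeEventHandlerInjection(SUSPECT),
  };
}
```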


Reader Mike sent a video of the exploit in action. As soon as he moves his cursor from the toolbar to the body of the page, it retweets the exploit and attempts to send a Direct Message.

Sarah Brown, wife of former British Prime Minister Gordon Brown, was hit with the exploit earlier this morning. Her page displayed a gigantic letter "h" and redirected users to a Japanese porn site.


Third-party apps are safe from the bug and can be used to delete the inadvertent retweets if you've been hit. But for now, because the exploit spreads merely by hovering over tweets, visiting the Twitter website almost guarantees that you'll inadvertently end up spamming your followers. [Sophos]