Tweetdeck was hacked Wednesday morning, with many users seeing strange pop-ups while using the service.
Which means people can us cross-site scripting or XSS to make your Tweetdeck say things to you, like "penis" for instance.
The hack was reportedly brought about by a 19-year-old Austrian computer geek named Florian, who was trying to use a heart symbol like this "♥" loaded with a string of code.
His tweet translates roughly to "I wonder if this will work."
It did work, and the teen, who had less than 100 followers, found a little-known flaw in the system, The Verge reports:
[T]he tags did their job and the heart symbol, which Twitter would normally mangle, came through TweetDeck just fine, indicating the service was executing commands from plaintext. @FiroXL wasn't aware of the initial vulnerability, discovered back in 2011, but he had accidentally stumbled back onto it.
Florian (who prefers to go by Firo, and withheld his last name for privacy reasons) told CNN he was just messing around and didn't mean to find the opening in Tweetdeck's software.
"It wasn't a hack. It was some sort of accident," he said.
Firo added a heart to a bunch of tweets as an experiment, eventually creating a pop-up on his own dashboard.
He then announced, "Vulnerability discovered in TweetDeck. \ o /"
Though he told Twitter about the vulnerability, the hacker community had already noticed. That's when the mass hijacking proceeded.
Tweetdeck continued to have problems throughout the day.
The XSS bug might have enabled hackers to access your login credentials and it wouldn't be too hard for them to get into your email, so it's probably a good idea to change your password.
Ryan Broderick is a reporter for BuzzFeed News and is based in London.
Contact Ryan Broderick at firstname.lastname@example.org.
Rachel Zarrell is a news editor for BuzzFeed News and is based in New York.
Contact Rachel Zarrell at email@example.com.
Got a confidential tip? Submit it here.