Tweetdeck Got Hacked Today And An Austrian Teenager Has Taken Credit

Update: A 19-year-old has taken responsibility for the attack, which he reportedly triggered accidentally.

1. Updated 4:23 p.m. ET

2. Tweetdeck was hacked Wednesday morning, with many users seeing strange pop-ups while using the service.

4. The hack came about because basically there was a vulnerability in the Tweetdeck code that stops Javascript from becoming text.

5. Which means people can us cross-site scripting or XSS to make your Tweetdeck say things to you, like “penis” for instance.

6. The hack was reportedly brought about by a 19-year-old Austrian computer geek named Florian, who was trying to use a heart symbol like this “” loaded with a string of code.

His tweet translates roughly to “I wonder if this will work.”

Ob das wohl funktioniert: Test ♥

— Firo Xl (@firoxl)

8. It did work, and the teen, who had less than 100 followers, found a little-known flaw in the system, The Verge reports:

[T]he tags did their job and the heart symbol, which Twitter would normally mangle, came through TweetDeck just fine, indicating the service was executing commands from plaintext. @FiroXL wasn’t aware of the initial vulnerability, discovered back in 2011, but he had accidentally stumbled back onto it.

Bug found by @firoxl :-) #XSS #Tweetdeck

— Arthur Frayn (@_d3f)

10. Florian (who prefers to go by Firo, and withheld his last name for privacy reasons) told CNN he was just messing around and didn’t mean to find the opening in Tweetdeck’s software.

“It wasn’t a hack. It was some sort of accident,” he said.

11. Firo added a heart to a bunch of tweets as an experiment, eventually creating a pop-up on his own dashboard.

He then announced, “Vulnerability discovered in TweetDeck. \ o /”

Though he told Twitter about the vulnerability, the hacker community had already noticed. That’s when the mass hijacking proceeded.

13. Tweetdeck continued to have problems throughout the day.

We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up.

— TweetDeck (@TweetDeck)

14. The XSS bug might have enabled hackers to access your login credentials and it wouldn’t be too hard for them to get into your email, so it’s probably a good idea to change your password.

hackers from 2007 are currently rickrolling ppl on TweetDeck tho

— Anthony B. L. Smith (@AnthonyBLSmith)

Check out more articles on!

Ryan Broderick is a reporter for BuzzFeed News and is based in London.
Contact Ryan Broderick at
Rachel Zarrell is a news editor for BuzzFeed News and is based in New York.
Contact Rachel Zarrell at
Got a confidential tip? Submit it here.
Now Buzzing