UPDATE, June 11, 2 p.m. ET: TweetDeck confirmed that its services are back on for all users. A 19-year-old Austrian Twitter user said he discovered the vulnerability by accident.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.— TweetDeck (@TweetDeck) June 11, 2014
Our original story appears below.
TweetDeck disabled access to its popular web app on Wednesday after releasing a statement that the service was the subject of a XSS ("cross-site scripting") security vulnerability that could allow hackers to gain access to users' accounts.
TweetDeck is Twitter's in-house app that lets users create and build custom timelines and keep track of lists, searches and activities in one place. Twitter originally said the issue had been fixed, but has since taken the service completely offline.
[seealso slug="tweetdeck-down-19-year-old-accident/"]
We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up.— TweetDeck (@TweetDeck) June 11, 2014
Before taking down TweetDeck, Twitter advised users to log out of the app and sign back in to "apply the fix." According to complaints on Twitter, the issue seems to only be affecting people accessing TweetDeck via the Google Chrome browser.
A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix.— TweetDeck (@TweetDeck) June 11, 2014
For users to apply the fix within Twitter, visit Twitter > Settings > Apps and then click "Revoke Access" to the TweetDeck app. While the fix doesn't seem to be working for everyone, try clearing your browser cache for the fix to stick.
Welp. Logged out of Tweetdeck, logged back in, and got this: So clearly Twitter's "fix" does not work! pic.twitter.com/Sv7bpvaqfQ— Matt Rosoff (@MattRosoff) June 11, 2014
Twitter has not yet responded to a request for comment, but the vulnerability is believed to allow attackers to remotely execute javascript code if the app goes unfixed.
We will continue to monitor the situation and update this post accordingly.