9 matches found
X (Formerly Twitter): [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable
First of all, really sorry for the unintentional DoS: I was testing it with a fresh bearer token but copied the production one accidentally. Details I've noticed that TweetDeck is using OAuth2 to issue requests Authorization Bearer token: http GET...
X (Formerly Twitter): DOMXSS in Tweetdeck
Hi, I would like to report a DOMXSS issue in TweetDeck. Details In Tweetdeck, a tweet contains info of what client app the user used to send the tweet. The render process is vulnerable to DOMXSS. In https://ton.twimg.com/tweetdeck-web/web/dist/bundle.6f91b4e832.js, the following line is responsib...
X (Formerly Twitter): Can see private tweets via keyword searches on tweetdeck
I'm not the best at finding "why" this happened, but I am pretty sure it's not supposed to. I was keyword searching "protonmail invite" and this came up even though the user was not on public nor did I follow him. I go to twitter.com and search for the exact same tweet, nothing comes up of his...
X (Formerly Twitter): Tweetdeck (twitter owned app) not revoked
I've noticed an issue in tweetdeck & twitter. If you try to revoke tweet deck, no matter what you do, if anyone else is logged in on your account through tweetdeck, they will still be able to use your account. This doesn't properly revoke users, so therefore I thought this as is a bug/problem e.g...
'TweetDeck Teams' Allows Managing Multiple Twitter Accounts Without Sharing Passwords
Many times organizations, companies and groups of people come across the problem when their social media teams have to work within a single Twitter account or maintain multiple Twitter accounts. In this case, either they need to use some third-party API-based services or they use TweetDeck...
Austrian Teen Ground Zero Of TweetDeck Hack
The last 24 hours have been a sad, scary and frustrating time for a 19-year-old aspiring programmer in Austria who found himself smack in the middle of Wednesday’s TweetDeck mess—all because of a Unicode heart. Twitter’s real-time account dashboard was taken down for a brief time yesterday befor...
TweetDeck Taken Down in Wake of XSS Attacks
TweetDeck services have been disabled for the time being as Twitter tries to get a handle on a cross-site scripting vulnerability that caused mountains of consternation on the social networking platform this morning. We've temporarily taken TweetDeck services down to assess today's earlier securi...
Twitter Takes Tweetdeck Offline due to Vulnerability
Twitter has taken its Tweetdeck app offline after an apparent bug has possibly given some Tweetdeck users access to others' accounts. The web version of Tweetdeck is currently down, although older desktop editions of the software appear to...
TweetDeck Scam Uses Fake Update As Lure
Compromised Twitter accounts have been used to post links to an exploit portal that poses as a download site for an update to TweetDeck, the popular micro-blogging client software package. The Register...