TweetDeck outage due to to 'heart' symbol: Bug accidentally discovered by Austrian teenager

A TweetDeck security flaw led to an outage for several hours last night, before Twitter finally fixed the issue. Now, a new report suggests that the problem occurred accidentally due to some experiment by a teenager.

A 19-year-old Austrian named Florian – with less than 100 followers – is believed to have tweeted a simple test from his Twitter account @FiroXL that included ‘some simple tags along with a heart symbol and a German phrase’ that translates to “I wonder if this will work…”

Florian had accidentally stumbled upon the XSS bug that surfaced earlier in 2011. Basically, the ‘&hearts’ made a heart symbol in HTML and led to an opening in TweetDeck’s software. It further led to a software bug. He tried it over and over again, until he discovered something was wrong and alerted TweetDeck.

Meanwhile, the author of Hidden Text writes, “I had a brief chat with  @firoxl  and it appears that the bug was discovered by accident. I was using TweetDeck, suddenly there were 2 hearts. I made some experiments and discovered that TweetDeck doesn’t escape HTML-chars if there is that Heart in the tweet,” added the Hidden Text author.

So, every time there was a love heart in someone’s tweet, there was a pop-up stating an XSS in Tweetdeck, the report further adds. The problem has now been fixed, and users simply need to log out of their Tweedeck and login again to fix the issue.

Florian later told The Verge that it was an accident and he didn’t want to make anything public or harm any users. In fact, he was surprised at the pace at which the bug cycled out of control and got mainstream attention.