Twitter said on Tuesday (Sept. 21) it has suffered an XSS attack, a security flaw on its website, which it is fixing with a patch after users complained.

The Twitter site was flooded with tweets by users complaining of a "mouseover security flaw" or "Twitter got hacked" as the top trending topics on the home page.

Twitter said on its status blog it expects the patch to be fully rolled out shortly and will update users when it is.

According to a blog by security firm Sophos, the website is being widely exploited by users who use a security flaw which allows messages to pop up and third-party websites to open in a browser just by moving a mouse over a link.

Sophos said the messages are spreading virally, exploiting the vulnerability without the consent of users.

Users of third-party Twitter applications like Tweet Deck and Twhirl appear not to have been affected by the flaw.

Four-year old Twitter has more than 145 million users and is now signing up 370,000 new users daily on average.

Questions? Comments? Let us know: @billboardbiz

Print