According to reports, security analysis firm Sophos said that running a mouse over (or hovering) certain Tweets activated hardcore site pop-ups, sent users messages and redirected tweeters to other sites.
"It's tens of thousands if not hundreds of thousands of messages that have been posted," said Sophos's senior technology consultant Graham Cluley. "Hopefully Twitter is aware of this and is trying to shut it down."
The hack apparently automatically triggers the “onMouseOver” JavaScript code when a user visits the Twitter.com site and starts causing havoc.
A message on the company's safety account mentions the problem: "We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit," the company said.
Cluley said, "It's pretty widespread and has left some major egg on the face of Twitter," adding "There was no reason for code like this to run at all, much less act in such a malicious fashion — a security flaw the company ought to have flagged itself."
"It shouldn't be possible to plant JavaScript code like this into your Tweets," he said.
Porn aside, concerns are being raised that the glitch could provide criminals the means to redirect users to third-party sites with malicious code.
Tweeters are being advised to stay away from the site until the issue is resolved.
