A few hours ago, an identified “onmouseover” security flaw on Twitter.com was widely exploited by users. The flaw allows messages to pop up and third-party websites to open in web browsers automatically.
The messages were said to spread virally, and the flaw is triggered when a user hovers over a link or moves the mouse over a link on the dashboard.
According to the software security firm Sophos:
It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed.
You can watch this video demonstrating the exploit on Twitter.
Users of third-party Twitter clients like Hootsuite and Tweetdeck are safe, as the exploit only works on the Twitter.com website.
However, in a post, Twitter says that the exploit, a.k.a. an XSS (cross-site scripting) attack, has already been identified and patched. That means it’s safer now to visit Twitter.com.