You might want to stay off Twitter.com for a while until this all gets sorted out. Apparently plenty of people (myself included) are finding that simply hovering the mouse cursor over links on Twitter’s site causes random spam-like popups, retweets, and other bad stuff to happen.
“The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link. Messages are also spreading virally exploiting the vulnerability without the consent of users.”
It doesn’t appear to be affecting software applications that access Twitter (Seesmic, TweetDeck, etc.), but going directly to Twitter.com has been causing problems for some users.
UPDATE: Looks like things might be back under control. It still may be a good idea to stay off Twitter.com until we hear something official, though.
UPDATE 2: Directly from Twitter, posted at around 9:43 AM Eastern:
“We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.
We expect the patch to be fully rolled out shortly and will update again when it is.”
UPDATE 3: Per Twitter: “Update (6:50 PDT, 13:50 UTC): The exploit is fully patched.”