Friday, October 01, 2010

Teen Exposes Twitter Flaw, Hackers Exploit It

A 17-year-old from Melbourne, Australia "claimed responsibility" for making public the cross-site scripting flaw on Twitter, which within a few hours took a potent form and led to a widespread attack on Twitter.


The flaw, which was exposed in a casual tweet, was exploited by hackers, and within a few hours Twitter was under attack. The "MouseOver" JavaScript code that was exposed automatically opened a pop-up window when a user simply hovered the mouse over links on Twitter. This was a golden opportunity for hackers, who used the flaw to make people follow links they might not usually have clicked. Most of these links led to adult and infected websites.


Twitter explained the attack in a detailed blog post and added that it had been aware of the flaw a month earlier and had already fixed it. However, a recent update to the site caused the security hole to reappear, and it was then forgotten. Bob Lord, a spokesperson from the Twitter Security team, says, "First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the tweet. Other users took this one step further and added code that caused people to re-tweet the original Tweet without their knowledge."


Twitter confirmed that it would not be pursuing legal action against the perpetrators of the attack, nor would it publicly identify individuals who might have been involved in these attacks.