Just a day after Google’s social network Orkut was ravaged by the “Bom Sabado” worm, Twitter has possibly fallen victim to an XSS (cross-site scripting) attack.
Details are scarce at the moment, but the gist of the matter is that you should strictly avoid clicking links in any tweet that begins with “WTF”. If you do, then be prepared for a barrage of embarrassing messages being tweeted out from your account.
The attack has already claimed high-profile tweeps like Robert Scoble and Zee.
Update 1: Twitter has issued a statement saying, “A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.”
Update 2: Twitter is now saying that they have fixed the exploit and are in the process of removing the offending Tweets. While Twitter succeeded in nipping the problem in the bud through their quick response, this attack comes just five days after a major XSS vulnerability resurfaced in its web interface. Twitter clearly needs to do a better job of plugging the holes.