Twitter has patched a security flaw that allowed thousands of accounts to be exploited, sending automated Tweets and redirecting users to websites without their consent.
Twitter initially resolved this issue back in August, but a recent update to the site "unknowingly resurfaced it," according to a post on the company blog Tuesday afternoon.
The issue was first made public by Sophos, a company that makes web security software, in a blog post early Tuesday morning after a number of high-profile Twitter accounts were affected by the bug. The site points out that initially the flaw had been used only for "fun and games," redirecting users to porn sites rather than exposing them to malware.
Twitter made a similar point in its blog post: "The vast majority of exploits related to this incident fell under the prank or promotional categories."
Among the high-profile victims is Press Secretary Robert Gibbs. After an auto-tweet appeared on his account, Gibbs posted, "My Twitter went haywire - absolutely no clue why it sent that message or even what it is...paging the tech guys..."
"I simply wanted to exploit the hole without doing any 'real' harm," he said in an interview with BBC News. "It started off as 'ha, no way this is going to work'."
Earlier in the day, Judofyr tweeted, "as far as I know, I started the first worm, but I can't say for sure," but he claimed to have found the flaw on rainbowtwtr's account, adding, "I only came up with the idea to turn it into a worm."
That worm was spread through at least 200,000 messages, according to BBC News.
For the tech junkies out there, The Next Web offers a more in-depth explanation of the cross-site scripting vulnerability.