Hot or Not?
Twitter Cross-Site (XSS) Exploit Discovered & Fixed
(CNN) -- Thousands -- possibly hundreds of thousands -- of Twitter users have been hit by a security bug that causes potentially dangerous content to appear on computer screens without warning, according to a researcher at the security firm Sophos.
When users of the popular site "mouse over" a link on Twitter.com, the content appears even if the person did not click on it, says Graham Cluley, the researcher, who recommends users avoid Twitter.com until the issue is fixed.
"It's obviously the most natural thing in the world just to move the mouse across the screen," he said in an interview with CNN. "You don't have to click on a link."
The bad links may also be retweeted, or sent to that person's followers, which causes the security flaw to spread across the network.
The bug could be harmless, doing nothing other than taking users to websites that they did not intend to open, Cluley said. But it also could be exploited by hackers who could use the bug to install malicious software on a person's computer, allowing them to collect personal and financial information, he said.
It appears to affect both the new and old versions of Twitter.com, he said. The site recently updated its look and functionality to include links and videos that open within the pages of Twitter's website. Using the site through third-party software, like TweetDeck or Seesmic, should still be safe, he said.