Twitter.com exploited, then fixed! As you were…

What passes for normality has returned to the Twittersphere, and a “malicious flaw” that appeared on the micro-blogging platform appears to have been fixed.

For about thirty minutes, blacked-out tweets showed up in the user stream of Twitter.com. Hovering over the affected area “would redirect anyone who moved their mouse over it – but didn’t click it – to a Japanese hard-core pornography site.”

The Guardian newspaper quotes a security expert at Sophos who explains that “the Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link”.

News of the break spread at the speed of light. Tweets like the following began to flood Twitter: “Twitter.com has been hacked.”, “Do not click on the blacked out tweets, they are malicious”, “Tweetdeck is fine but things are fragile.”

Mashable instantly reported that “a security flaw has been widely exploited and thousands of Twitter accounts, redirecting users to 3rd party accounts. The bug is particularly nasty because it works on mouse-over only.”

Chaos extended all the way up to the White House. Memeburn received a tweet directly from US Press Secretary Robert Gibbs exclaiming “My Twitter went haywire – absolutely no clue why it sent that message or even what it is…paging the tech guys…”. Sarah Brown, the wife of former UK Prime Minister Gordon Brown, directed her million followers to the Japaneses hard-core porn site.

Twitter reported through their official Status Blog that they have “identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is.”