After suffering a significant outage yesterday, Twitter disclosed late Friday afternoon Pacific time that it had been hacked and the accounts of 250,000 users had been compromised.
In a post on the Twitter Blog, Bob Lord from the Twitter security team explained the security breach on Twitter.com that occurred early Tuesday morning, in which users who hovered over links were directed to suspect Web sites and spam messages were automatically generated and retweeted:
The short story: This morning at 2:54 a.m. PT, Twitter was notified of a security exploit that surfaced about a half-hour before that, and we immediately went to work on fixing it. By 7 a.m. PT, the primary issue was solved. And, by 9:15 a.m. PT, a more minor but related issue tied to hovercards was also fixed.
We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.