Yesterday, many Tweeters were aghast to find themselves redirected to strange websites when rolling over links and sending tweets they never twitted. It was all the act of malicious users who were taking advantage of a hole in Twitter?s website security. Fortunately, it that hole has now been closed.</p> <p>This particular attack was quite wicked in the fact that all it took was hovering over a link ? no need to even click ? and within seconds a series of auto-tweets began in the user?s name. The attacks only affected those using Twitter.com; mobile sites and third-party Twitter applications were unaffected.</p> <p>The security hole the attackers came through was not a new one. Twitter says it actually discovered that hole last month and patched it. However, unbeknownst to the Twitter staff, a recently applied update (not related to the new Twitter) reopened the hole; and thus the malicious group got in.</p> <p>Twitter has now re-patched the hole and the site is once again secure. Fortunately, most of the hijacking, redirecting and auto-tweeting was for prank and/or promotional purposes, making the stunt more annoyance than threat. There is no knowledge of any user accounts compromised or computers harmed during the event.</p> <p>Although Twitter and its users are suffering no repercussions from yesterday?s attacks, the incident serves as a reminder of how easy and quickly a large social networking website can be exploited; and next time it might not be a simple prank/promotional stunt. Hopefully, Twitter (and others) will take note and more diligence will be applied to their code auditing procedures.