A glitch allowed hackers to use “onmouseover” actions — triggered when you hover your cursor over a link — to send users to strange sites and send out gibberish-laden tweets. Users accessing Twitter through third-party clients were unaffected.
According to Twitter employees, it’s safe to go back to Twitter.com now:
“Regarding the XSS attack, it should now be fully patched and is no longer exploitable. Thanks to those who reported it.”
Or, as Twitter engineer Alex Choi put it, “log out, log back in, relax, we’re good.”