The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed.

The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted website into another one. In this case, users submitted javascript code as plain text into a Tweet that could be executed in the browser of another user.

We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.

Early this morning, a user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this an “onMouseOver” flaw -- the exploit occurred when someone moused over a link.

Other users took this one step further and added code that caused people to retweet the original Tweet without their knowledge.

This exploit affected Twitter.com and did not impact our mobile web site or our mobile applications. The vast majority of exploits related to this incident fell under the prank or promotional categories. Users may still see strange retweets in their timelines caused by the exploit. However, we are not aware of any issues related to it that would cause harm to computers or their accounts. And, there is no need to change passwords because user account information was not compromised through this exploit.

We’re not only focused on quickly resolving exploits when they surface but also on identifying possible vulnerabilities beforehand. This issue is now resolved. We apologize to those who may have encountered it.

on this information page. Here are some highlights:

• New design. The site has a cleaner timeline and a rich details pane that instantly adds more impact to individual Tweets while still maintaining the simplicity of the timeline. And, experience infinite scroll -- you no longer have to click “more” to view additional Tweets.
• Media. Now, it’s easy to see embedded photos and videos directly on Twitter, thanks to partnerships with DailyBooth, deviantART, Etsy, Flickr, Justin.TV, Kickstarter, Kiva, Photozou, Plixi, Twitgoo, TwitPic, TwitVid, USTREAM, Vimeo, yfrog, and YouTube.
• Related content. When you click a Tweet, the details pane shows additional information related to the author or subject. Depending on the Tweet’s content, you may see: replies, other Tweets by that user, a map of where a geotagged Tweet was sent from, and more.
• Mini profiles. Click a username to see a mini profile without navigating from the page, which provides quick access to account information, including bio and recent Tweets.

These changes will roll out as a preview over the next several weeks starting with a very small percentage of registered accounts tonight. During the preview, you'll be able to switch back and forth so you have time to grow accustomed to the way things work. Eventually, everyone will have the updated version of Twitter.com. We are incredibly proud of the work the Twitter web team has accomplished. We hope you are too!

It’s New York’s biggest week in fashion, and Twitter is bringing you a front row seat.

Starting today, Twitter and American Express will provide real-time access to Fashion Week featuring exclusive photos, commentary, and first looks at the top names in fashion.

Go to

Just over four months ago, at Twitter for Android, which launched a new version this week.

This strategy has been quite successful. Total mobile users has jumped 62 percent since mid-April, and, remarkably, 16 percent of all new users to Twitter start on mobile now, as opposed to the five percent before we launched our first Twitter-branded mobile client. As we had hoped in April, these clients are bringing more people into Twitter, and, even better, they are attracting and retaining active users. Indeed, 46 percent of active users make mobile a regular part of their Twitter experience.

How people are using Twitter
Our Twitter for iPhone and Twitter for BlackBerry clients are now two of the most popular ways to use Twitter. This may not be surprising. What may be more surprising are the other top ways people use the service. The following chart shows the top ten applications people have used to access Twitter in the last 30 days. This is based on number of unique users. That is, out of all the people who logged into their Twitter account during the month, what percentage did so via each service. (The total is more than 100% because people often use more than one app.)

No need to login: You don’t even need to sign up to get started with Twitter for iPad. We’ve selected great Twitter accounts that you can see in various categories, such as Art & Design, Sports, and News. You can also search, view trends, and find breaking news. Sign up at any time to create your own timeline and start tweeting.

Twitter for iPad is available worldwide from the App Store. Try it out and let me, @lorenb, and @bhaggs know what you think.