Looks like another vulnerability in Twitter’s site has introduced a new hack or prank today.

So unless you want a vulgar comment tweeted from your account about you and a goat do not click on any links or tweeted entries that begging with WTF.

Here is what they look like:


I am sure there will be more to follow on this one like the one earlier in the week.

Update at 2:25 PM (EDT): This hack is apparently also hitting users in third party applications as well.  Twitter is also on it as they posted the following tweet about the attack:


Update at 2:30 PM (EDT):  The vulnerability that made goats a trending topic on Twitter has been fixed:


Final Update at 2:51 PM (EDT): A comment from this post on TechCrunch explains how the vulnerability did its thing:

As commenter Andrew Nacin points out, the bug is called a cross-site script forgery. Web programming security 101. It should only affect, as it relies on an iframe of and a little JavaScript to post the tweet form (twice). It seems that if you click this link “”, and you are signed into Twitter, it will autotweet two Tweets with the sex with goats bit and the WTF link.

Thanks to @scobleizer for the reference to that comment and article.