Twitter, the popular social media website for broadcasting short messages, said on Tuesday it has suffered an XSS attack, a security flaw on its website, which it is fixing with a patch after users complained, Reuters reports.

The Twitter site was flooded with tweets by users complaining of a “mouseover security flaw” or “Twitter got hacked” as the top trending topics on the home page.

Twitter said on its status blog it expects the patch to be fully rolled out shortly and the company will update users when it is.

According to a blog by security firm Sophos, the website is being widely exploited by users who use a security flaw that allows messages to pop up and third-party websites to open in a browser just by moving a mouse over a link.

Sophos said the messages are spreading virally, exploiting the vulnerability without the consent of users.

Users of third-party Twitter applications such as Tweet Deck and Twhirl appear not to have been affected by the flaw.

Four-year old Twitter has more than 145 million users and is now signing up 370,000 new users daily on average.

It is increasingly challenging established giant Web companies such as Yahoo Inc. and Google Inc. for consumers’ online time.