Twitter has been given the all clear after a worm infected “tens of thousands of users”. But experts say the attack could have been much worse.
Over the weekend, a self-replicating computer program, or worm, began to infect profiles on the social network.
The worm was set up to promote a Twitter rival site, showing unwanted messages on infected user accounts.
Michael Mooney, a 17-year-old US student, told the Associated Press he created the worm to promote his site.
Mooney, who lives in Brooklyn, New York, said he wanted to expose vulnerabilities in Twitter. He told AP: “I really didn’t think it was going to get that much attention, but then I started to see all these stories about it and thought, ‘Oh, my God’.”
The worm worked by encouraging users to click on a link to the Twitter rival site, called StalkDaily.com.
Once the link was clicked, infected users themselves automatically began to send out messages to friends, promoting the site.
No personal or sensitive information, such as passwords, was compromised in the attacks, according to Twitter, which has more than seven million users.
Mikko H Hypponen, chief research officer at security specialists F-Secure, told BBC News the attack could have been much worse.
“All the problems stayed on Twitter. Even if you were infected, nothing happened to your computer.
“It would have been simple to integrate a web browser exploit into this so that you could have done anything you wanted to the infected computer, including recording all keyboard strokes and capturing credit card details.”
Mr Hypponen said he was surprised that the vulnerability had been present in Twitter.
“It was a very basic vulnerability. Similar holes were found in other web social services, such as MySpace and Facebook, quite a while ago.
“I guess Twitter has learned its lesson.”
In a blog posting on Monday, Twitter co-founder Biz Stone said: “We are still reviewing all the details, cleaning up, and we remain on alert.”
In all, there were four waves of attacks on Twitter.
The website said it had deleted almost 10,000 tweets, or messages, that could have continued to spread the worm.
Mr Hypponen said F-Secure had monitored at least one variant of the worm attack, which used a link in a message that pledged to clear up the problem. The link had been clicked on at least 18,000 times.
“We would estimate that tens of thousands of users were infected.”
He added: “The root cause for these problems is that social networks are interactions with other people and we inherently trust the messages from people we know in real life or virtually.
“So when you get a message from someone on Twitter you trust it because in real life fake messages like this rarely happen.”
Twitter has promised to conduct a “full review of the weekend activities”.