Twitter XSS worm

An XSS worm hit Twitter this morning and appears to have affected hundreds of thousands of users. Sophos has a good technical write-up at http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/

Ars Technica has some coverage of Magnus Holm, the author of the worm.
http://arstechnica.com/security/news/2010/09/twitter-worms-spread-quickly-thanks-to-blatant-security-flaw.ars

I'll update this post once a more accurate count of affected users is published.