Twitter, the popular social media website for broadcasting short messages, said on Tuesday it has suffered an XSS attack, a security flaw on its website, which it is fixing with a patch after users complained.

The Twitter site was flooded with tweets by users complaining of a “mouseover security flaw” or “Twitter got hacked” as the top trending topics on the home page.

Twitter said on its status blog it expects the patch to be fully rolled out shortly and will update users when it is.

According to a blog by security firm Sophos, the website is being widely exploited by users who use a security flaw which allows messages to pop up and third-party websites to open in a browser just by moving a mouse over a link.

Visa Inc is participating in a test program started by rival MasterCard Inc that will let consumers pay for some New York subway tickets by tapping a credit card or a smartphone at the turnstile.

MasterCard said in June that it was working with New York and New Jersey mass transit agencies on a six-month pilot program to test “contactless” payments on certain commuter routes.

The program allows consumers to buy a subway, bus or train ticket by tapping or waving their credit or debit card, or a sticker attached to the back of their phone, over a turnstile electronic reader, instead of buying a separate ticket.

Google Inc. is making it tougher for computer hackers and other imposters to break into e-mail accounts and other password-protected services.

An additional security measure introduced Monday will require typing a six-digit code after an accountholder’s Google password is entered. The codes will be sent to people’s mobile phones.

The two-step process means it will take more than a password to get into an account, at least the first time that an attempted login is made from a particular computer. After logging in, users can ask Google to remember that their identity has been verified on that device and security codes won’t be required to get into the account again.

I think this security measure raises privacy concerns about giving out their phone number to Google, which already holds too much private information. Up until now associating your phone number with your Google account was not mandatory, and not many users used it. This way Google is forcing users to give out their phone number