The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed.
The company acknowledges that the exploit seemed to be geared more towards pranking users or promotion (note: of what the Twitter teams fails to elaborate), although they also stated that the exploit thus far didn’t seem to cause mayhem upon anyone’s computer.
While this hack did cause an uproar in the twitterverse (as few knew how dangerous the exploit was), it probably justifies Twitter stance on using their own short URL in order to verify links being shared online.
Either way users should always be careful upon clicking links on Twitter, and only click on links from people (or organizations) that they trust.