The Brazilian social network Orkut has been hit by a cross-site scripting (XSS) vulnerability that affected around 400,000 users.
Kaspersky Lab's Fabio Assolini said that the Google-owned website, used by 26 million Brazilians, was hit by an attack that requires no user interaction for a user to be compromised.
“Everyone who is infected with this script is being added silently to a community called ‘Infected by the Virus of Orkut’, which registers all of the users compromised by this new vulnerability.”
The description of the community translates as ‘You arrived here by a serious security vulnerability in Orkut. This vulnerability has already been reported to Google and must be fixed soon. This community only has the intention of forcing a quicker fix’.
An update said that after more than 400,000 users were affected, Google fixed the XSS on Saturday night.