If you saw little hearts all over Twitter on Wednesday — with or without a long string of code — you definitely were not alone.

TweetDeck, Twitter’s tool for real-time tracking and engagement of posts, was found to be vulnerable to cross-site scripting (XSS), a type of computer vulnerability commonly found in web applications that allows hackers to inject script into webpages to access user accounts and important security information.

TweetDeck said the vulnerability was fixed, but here are the company's official responses from Twitter:

A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix. — TweetDeck (@TweetDeck) June 11, 2014

We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up. — TweetDeck (@TweetDeck) June 11, 2014

We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience. — TweetDeck (@TweetDeck) June 11, 2014

Trey Ford, global strategist at security firm Rapid7, provided greater detail into the TweetDeck bug:

This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we’re seeing is a 'worm that self-replicates by creating malicious tweets. It looks like this primarily affects users of the Tweetdeck plugin for Google Chrome.

Ford said logging out and back in should fix the problem, as "one of the most common and useful XSS attacks is used to steal the user’s session, effectively enabling an attacker to log in as you." Unfortunately, some Twitter users said this "log in and log out" technique wasn't working for them initially. Also, trying to un-retweet the spam tweet delivered the following error message:

According to programmer Chris Williams, Tweetdeck was “not stripping out dangerous scripting code from tweets,” which in turn allowed anyone to “run Javascript in the context of another user.”

@astroehlein at the moment, people are just opening alert boxes. Next, there'll be tweets trying to steal login tokens etc — Chris Williams (@diodesign) June 11, 2014

The vulnerability reportedly affected Tweetdeck's browser plug-in for Google Chrome. It didn't seem to affect the desktop app for Mac or Windows, but users are still recommended to log out and log back in again just in case.

TweetDeck, which was acquired by Twitter in 2011 for $40 million, is an app that lets you manage multiple Twitter accounts in one place. It shows tweets in real-time without you having to refresh your feed. It's mostly used by social media marketers, journalists and other Twitter power users.

Here are more images of what users saw from the TweetDeck bug.