Twitter says suffered security attack

* Twitter identifies problem as XSS attack

* Says is fixing the problem with a patch

NEW YORK, Sept 21 (Reuters) - Twitter, the popular social media website for broadcasting short messages, said on Tuesday it has suffered a cross-site scripting (XSS) attack exploiting a security flaw on its website, which it is fixing with a patch after users complained.

The Twitter site was flooded with tweets by users complaining of a “mouseover security flaw” or “Twitter got hacked” as the top trending topics on the home page.

Twitter said on its status blog it expects the patch to be fully rolled out shortly and will update users when it is.

According to a blog post by security firm Sophos, users are widely exploiting a security flaw on the website that allows messages to pop up and third-party websites to open in a browser just by moving a mouse over a link.

Sophos said the messages are spreading virally, exploiting the vulnerability without the consent of users.

Users of third-party Twitter applications like TweetDeck and Twhirl appear not to have been affected by the flaw.

Four-year-old Twitter has more than 145 million users and is now signing up 370,000 new users daily on average.

It is increasingly challenging established giant web companies such as Yahoo Inc (YHOO.O) and Google Inc (GOOG.O) for consumers' online time. (Reporting by Yinka Adegoke, editing by Gerald E. McCormick)