• The New York Times
• The Washington Post
• The Wall Street Journal
• Bloomberg News

Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

They'd have to be both - as in a Mac running 10.6 or earlier since Apple removed Java from the OS and blocked old versions. Heck, a couple of days ago Apple blocked ALL versions of Java (they set the minimum version to 0.0.01 above the current one - Oracle just released it that was 0.0.02 above their previous version).

Apple basically kicked Java to the curb with Flashback - they removed their version of Java from the OS (by blocking it, requiring install of the Oracle one). And the Java plugin for Safari is disabled by default - you can enable it, but I believe it disables itself automatically 30 days later, so you have to re-enable it again.

They DID. My account was compromised. I got an email.

If a security hole in Java running on a Twitter user's browser allowed someone to get to Twitter's internal data (i.e. not just the data of the user whose browser who had Java) - then it's a security hole in Twitter.

I think Twitter is being dishonest here.

Someone inside Twitter's network had Java enabled, and got attacked. Hackers are now inside Twitter and can start poking around.