Twitter-owned Twitter client Tweetdeck suffered a massive security breach today. Update: it is reportedly functioning normally now.

At first, Tweetdeck recommended everyone remove access to their accounts immediately, but then the service completely shut itself off when major accounts started spreading malicious code through garbled updates, which caused strange pop-ups to appear on users screens.

At least for me, Tweetdeck is still down, and the “forgot password” function does not work in Google Chrome’s version of Tweetdeck. I saw malicious code from a few major accounts and politicians, including California’s own Lieutenant Governor Gavin Newsom. Others reported that major news outlets had also been hacked, including The New York Times business account, @NYTimesBusiness.

The problem, known as an XSS vulnerability, has reportedly been fixed, but that hasn’t returned full functionality to the site. In the meantime, it’s wreaking havoc on social media managers across the Interwebs (and the workday of this very frustrated writer).

The damage is still unknown, and we will update readers as this story develops.