Tweetdeck, Inc. Data Breach (2014)

External actor discovers XSS vulnerability in Tweetdeck and creates a tweet that would execute code on his Tweetdeck-using followers' browsers. The code would retweet the tweet and essentially turned into a XSS worm.