Twitter has admitted that it issued a patch last month for the cross-site scripting flaw which caused havoc on the micro-blogging site yesterday, but that a site update "resurfaced" the flaw.
Lord explained that one Twitter user noticed the security hole early on, and decided to take advantage of it.
"First, someone created an account that exploited the issue by turning tweets different colours and causing a pop-up box to appear when someone hovered over the link in the tweet," he said.
"This is why folks are referring to this as an 'onMouseOver' flaw. The exploit occurred when someone 'moused' over a link."
Lord explained that other users then added code that caused people to retweet the original tweet without their knowledge.
However, Lord admitted that his team had "discovered and patched this issue last month", but that "a recent site update (unrelated to the new Twitter) unknowingly resurfaced it".
The admission will be an embarrassing one for Twitter as the company struggles to prove that it can be trusted to run a safe and secure site.
Sophos senior technology consultant Graham Cluley argued that the revelation points to what appears to be "some pretty shocking quality control".
"Hopefully they'll learn from this blunder and ensure that they have better processes in place in future," he added.
Just last month Twitter announced support for a new authentication system for people using third-party applications to read or send tweets, in a bid to boost the security and usability of the site.
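A patched cross-site scripting flaw resurfacing after a site update, as described above, is the kind of failure an automated output-encoding regression test is meant to catch. The following is an added example, not Twitter's code: it assumes the flaw class was tweet text reaching a link's HTML attribute unescaped, and every function name and the sample tweet are constructed for illustration.

```javascript
// Added example (not Twitter's code). All names and the sample input are constructed.
const URL_RE = /https?:\/\/\S+/g;

// Escape for HTML text and for double- or single-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Weak form: the matched URL is pasted into href as-is, so a double quote
// in the tweet ends the attribute and the rest is parsed as new attributes.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, u => `<a href="${u}">${u}</a>`);
}

// Hardened form: every piece of user text is escaped for where it lands.
function linkifySafe(text) {
  let out = '', last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow noopener">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check (heuristic): report any attribute name in a rendered
// opening tag that is not on the allowlist, e.g. an event handler.
function unexpectedAttributes(html, allowed = ['href', 'rel']) {
  const found = [];
  for (const tag of html.matchAll(/<[a-zA-Z][^>]*>/g)) {
    for (const a of tag[0].matchAll(/[\s"']([a-zA-Z-]+)\s*=/g)) {
      const name = a[1].toLowerCase();
      if (!allowed.includes(name)) found.push(name);
    }
  }
  return found;
}

// Constructed test tweet: a URL followed directly by a quote and a handler.
const SAMPLE = 'look http://t.example/a"onmouseover="alert(1)" end';

console.log('unsafe:', unexpectedAttributes(linkifyUnsafe(SAMPLE)));
console.log('safe:  ', unexpectedAttributes(linkifySafe(SAMPLE)));
```

Kept in the test suite of the rendering code, a check like this fails the build if a later, unrelated update drops the escaping step.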