Twitter Confirms Auto-Follow Bug, Promises a Quick Fix

Twitter confirmed a security vulnerability today which allows people to force Twitter accounts to follow them. Among the first few accounts to be attacked through this bug were those of Facebook founder Mark Zuckerberg and Twitter CEO Evan Williams.

Their accounts were pointed to a dummy account which was created for this purpose.

To make use of this exploit, all we needed to do was send out a tweet reading “accept @username” to make any username follow us on Twitter. The bug was first spotted by a Turkish blog which was made popular on Twitter by @hasanbasusta. This bug was tested on this blog with a dummy account which was given Mashable, ReadWriteWeb, Mark Zuckerberg and Evan Williams as followers.

To resolve this issue, Twitter first fixed the bug and then moved on to mend the fake followings. However, it could not see any possible way of doing that and had to reset the follower count to 0 to prevent any outrage. In the meantime, Gizmodo found out that this bug works with the web interface only and not with the API.

It seems that the issue is resolved now, and there are some numbers appearing beside the follower/following counts. Finally, we can all go back to safe tweeting once again.
(Via: CNET)

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.