Twitter security hole lets you make anyone follow you

A security hole has been found in Twitter that allows any user to force anyone else to follow them, without the follower giving any kind of permission at all.

By sending the word "accept" into the web interface, followed by the username of the person you want to follow you, you can tap into a defunct system that Twitter once used to operate the site. We've tested it on a dummy account and found that yes - it works, and yes - it's instant. We imagine it'll be patched out of existence rather quickly.

Still, it's a massive security hole, and there'll no doubt be legions of celebrities and big-name Twitter users up in arms about their feeds being flooded with unknown users. It's as yet unclear if it gives access to feeds that are "protected", as the following/not-following mechanism is separate from that.

Until Twitter manages to fix this problem, keep an eye on your Twitter feed to weed out any undesirables and spammers.

UPDATE: It seems that Twitter is on the case already, with all Twitter users showing 0 followers and 0 following in their tallies. We will keep you posted.

UPDATE 2: Twitter has issued the following statement: "We identified and resolved a bug that permitted a user to “force” other users to follow them. We’re now working to roll back all abuse of the bug that took place. Follower/following numbers are currently at 0; we’re aware and this too should shortly be resolved. Update (10:18 AM PST): Of note: protected updates did not become public as a result of this bug."


