I would guess this exploit has always been possible until today? What's interesting is that someone has probably been wielding this secret power well before it got outed here on hacker news.
Or, is there anybody whose career took off due to this bug? For example, a musician who got signed primarily because all of the top 50 music producers were following him on twitter.
That's true for a lot of shortcuts, hacks, and tricks. People will only tend to reveal tricks if they have no economic value to them (or if using them is so illegal that they'd prefer the fame and respect than the jail time ;-))
I don't think they've actually wiped out your followers and people you follow. I think they just prevented us from accessing those tables because I'm still getting tweets from people I follow, I just can't see the lists.
Wondering if there will be repercussions for people using this, or if they are able to track it? They aren't able to keep a lot of logs due to the volume.
> They aren't able to keep a lot of logs due to the volume.
That's pretty much untrue.
Anyway, I don't imagine it's too hard to grep the logs for the last day's worth of POST and 'accept .*' and undo all the follows constructed from that.
well, i can tell you right now that my followed and following lists were both just now wiped out, and using the accept bug now produces an internal server error.
edit: seems everyone is at 0/0, but the bug still produces an error for me.
Heh, I used this a bunch of times. It did work just fine, I had all sorts of people following me who really shouldn't care about me. And now I have 0 followers.
This is such an odd bug. I guess it goes to show that nobody knows what strange code which should have been removed four years ago lurks in the heart of Twitter.
better question: does it produce a full follow ie- if i did this bug, would billgates actually see me in his stream? OR does it just increase the follower count+i show up on his sidebar. if its the former, then wow. I know they're clearing it out now, but somebody must have been using this for a while.
I tried it between my main account and a disused one and tweets from the attacking account showed up both through the web interface and through the API.
Update (6:30 PM PST): We’ve finished our cleanup of the spurious followings generated a result of this bug. If you are still seeing folks you are following who you didn’t choose to follow, please use the block or unfollow tools to remedy.
Obviously, their so called "cleanup" is incomplete, at least for me :)
[+] [-] savrajsingh|16 years ago|reply
[+] [-] rmorrison|16 years ago|reply
[+] [-] petercooper|16 years ago|reply
[+] [-] ilike|16 years ago|reply
http://status.twitter.com/post/587210796/follow-bug-discover...
[+] [-] cake|16 years ago|reply
[+] [-] axod|16 years ago|reply
edit: anyone downmodding care to suggest how putting "accept[username]" in a tweet would be considered a 'bug'?
[+] [-] galactus|16 years ago|reply
[+] [-] icey|16 years ago|reply
[+] [-] HowardRoark|16 years ago|reply
[+] [-] obsaysditto|16 years ago|reply
"If it ever says I’m following more than one person, I’ve been hacked. I’m a completely monogamous Twitterer—I only follow Sarah Killen."
http://twitter.com/ConanOBrien/status/13631062967
[+] [-] zach|16 years ago|reply
In order to provoke curiosity and amusement
As a celebrity comedy writer and television host
I want to only be shown as following one otherwise-unknown person in Michigan
[+] [-] symesc|16 years ago|reply
Page refreshes were very slow. The elves are busy.
[+] [-] unknown|16 years ago|reply
[deleted]
[+] [-] lpgauth|16 years ago|reply
eg. "accept snoopdog"
[+] [-] maxklein|16 years ago|reply
[+] [-] notauser|16 years ago|reply
[+] [-] bena|16 years ago|reply
[+] [-] tibbon|16 years ago|reply
[+] [-] simonw|16 years ago|reply
[+] [-] 146|16 years ago|reply
That's pretty much untrue.
Anyway, I don't imagine it's too hard to grep the logs for the last day's worth of POST and 'accept .*' and undo all the follows constructed from that.
[+] [-] sjwalter|16 years ago|reply
I'd had a legitimate 30ish followers, used this bug a few times, now 0.
[+] [-] noodle|16 years ago|reply
edit: seems everyone is at 0/0, but the bug still produces an error for me.
[+] [-] bitsoffreedom|16 years ago|reply
[+] [-] fijter|16 years ago|reply
[+] [-] rmorrison|16 years ago|reply
This seems like an extremely basic design flaw.
[+] [-] sjwalter|16 years ago|reply
[+] [-] chegra|16 years ago|reply
Thought I could sell it afterwards or something. lol
[+] [-] chegra|16 years ago|reply
[+] [-] chegra|16 years ago|reply
[+] [-] yigit|16 years ago|reply
[+] [-] julio_the_squid|16 years ago|reply
This is such an odd bug. I guess it goes to show that nobody knows what strange code which should have been removed four years ago lurks in the heart of Twitter.
[+] [-] gokhan|16 years ago|reply
And people wondering why Axl Rose is following him here :) http://www.mygnrforum.com/index.php?showtopic=164026&st=...
[+] [-] ErrantX|16 years ago|reply
[+] [-] jacquesm|16 years ago|reply
[+] [-] jasonlbaptiste|16 years ago|reply
[+] [-] mortenjorck|16 years ago|reply
[+] [-] fname|16 years ago|reply
[+] [-] tszming|16 years ago|reply
Obviously, their so called "cleanup" is incomplete, at least for me :)
[+] [-] InclinedPlane|16 years ago|reply
http://status.twitter.com/post/587210796/follow-bug-discover...
[+] [-] tlrobinson|16 years ago|reply
[+] [-] jgrahamc|16 years ago|reply
[+] [-] remi|16 years ago|reply
[+] [-] djb_hackernews|16 years ago|reply
http://search.twitter.com/search?q=accept