by savrajsingh on 5/10/10, 5:01 PM
I would guess this exploit has always been possible until today? What's interesting is that someone has probably been wielding this secret power well before it got outed here on hacker news.
by ilike on 5/10/10, 5:03 PM
by galactus on 5/10/10, 4:52 PM
amazing. They found out, it seems: right now everyone seems to have 0 following and 0 followers.
by obsaysditto on 5/10/10, 5:13 PM
It's coincidental that Conan tweeted this message a couple days ago:
"If it ever says I’m following more than one person, I’ve been hacked. I’m a completely monogamous Twitterer—I only follow Sarah Killen."
http://twitter.com/ConanOBrien/status/13631062967
by lpgauth on 5/10/10, 4:36 PM
If you tweet “accept [Twitter Username]”, the other user will automatically follow you.
e.g. "accept snoopdog"
by maxklein on 5/10/10, 4:23 PM
by bena on 5/10/10, 5:53 PM
I don't think they've actually wiped out your followers and people you follow. I think they just prevented us from accessing those tables because I'm still getting tweets from people I follow, I just can't see the lists.
by tibbon on 5/10/10, 4:46 PM
Wondering if there will be repercussions for people using this, or if they are able to track it? They aren't able to keep a lot of logs due to the volume.
by fijter on 5/10/10, 4:53 PM
Twitter damage control:
TRUNCATE followers;
by rmorrison on 5/10/10, 4:59 PM
I can't believe they didn't create an OOB mechanism for accept/deny requests, especially since they send so much meta data w/ each tweet anyway.
This seems like an extremely basic design flaw.
by sjwalter on 5/10/10, 4:51 PM
Heh, I used this a bunch of times. It did work just fine, I had all sorts of people following me who really shouldn't care about me. And now I have 0 followers.
by chegra on 5/10/10, 4:16 PM
by yigit on 5/10/10, 4:39 PM
The user who found this says he was trying to tweet "accept pwnz" where accept is a music group name.
by gokhan on 5/10/10, 8:32 PM
by ErrantX on 5/10/10, 4:43 PM
That's an utterly insane bug! Some kind of debug accidentally left in? Or an admin phrase not authorised properly?
by jasonlbaptiste on 5/10/10, 5:06 PM
Better question: does it produce a full follow, i.e. if I did this bug, would billgates actually see me in his stream? Or does it just increase the follower count + I show up on his sidebar? If it's the former, then wow. I know they're clearing it out now, but somebody must have been using this for a while.
by tszming on 5/11/10, 3:41 AM
Update (6:30 PM PST): We’ve finished our cleanup of the spurious followings generated a result of this bug. If you are still seeing folks you are following who you didn’t choose to follow, please use the block or unfollow tools to remedy.
Obviously, their so-called "cleanup" is incomplete, at least for me :)
by InclinedPlane on 5/10/10, 5:56 PM
by jgrahamc on 5/10/10, 4:30 PM
Yes, this does work. Now what's the opposite verb to make someone unfollow me?
by djb_hackernews on 5/10/10, 5:50 PM
by jeiting on 5/10/10, 4:50 PM
Wow, tested and verified.
Somebody is working late tonight.
by maxklein on 5/10/10, 4:44 PM
I wonder if they are going to be able to undo this. Do they have a two sided log of the follow process? If it's just one-sided, they may be able to fix the bug but not to reverse the damage.
by TrevorBramble on 5/10/10, 4:51 PM
Interesting. My "following" and "followers" counts just dropped to 0.
by thedjpetersen on 5/10/10, 5:22 PM
Jason Calacanis's dream come true :P
by olh on 5/10/10, 8:08 PM
Seems that the fix is just a filter. Is anyone else trying to bypass with html ascii?
A few minutes ago, a prompt with the html ascii returned a +0x36 on every char. Now it does not give feedback.
"accept BillGates":
= ;? ;? ;A ;F ;J ; ;* ;E ;C ;C ;/ ;= ;J ;A ;I ;
Maybe they already really fixed this bug (I hope).
by nutmeg on 5/10/10, 4:41 PM
There could be notoriety for anyone who does this to Conan O'Brien. He only follows one person AFAIK.
Edit: Looks like this probably already happened.
by aditya on 5/10/10, 4:07 PM
Whatever it was, got removed or keeled over...
by whakojacko on 5/10/10, 5:14 PM
Even without this bug, I don't think they should still allow commands via tweet at all. It made sense when most tweets were via SMS, but not anymore... Maybe for emerging markets with heavy SMS usage, add a 2nd number to send commands to isolate the two?
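The in-band command problem raised by rmorrison and whakojacko in this thread, as an added toy model (not Twitter's code and not written by any commenter): the unchecked handler lets the verb alone change the follow graph, while the checked one takes commands only from a separate channel and only against a pending request. The `Graph` class, the channel names and the pending-request rule are assumptions made for illustration; the thread does not describe Twitter's implementation.

```python
# Added illustration: a toy model of in-band tweet commands, not Twitter's code.
from dataclasses import dataclass, field


@dataclass
class Graph:
    follows: set = field(default_factory=set)     # (follower, followee) edges
    pending: set = field(default_factory=set)     # (requester, target) follow requests
    timeline: list = field(default_factory=list)  # (author, text) published tweets


def parse_command(text):
    """Return ("accept", username) if the text has the command shape, else None."""
    parts = text.strip().split()
    if len(parts) == 2 and parts[0].lower() == "accept":
        return "accept", parts[1].lstrip("@").lower()
    return None


def handle_tweet_unchecked(g, sender, text):
    """Flawed design: the verb alone authorises the state change."""
    cmd = parse_command(text)
    if cmd:
        g.follows.add((cmd[1], sender))  # named user now follows the sender
        return "command"
    g.timeline.append((sender, text))
    return "tweet"


def handle_tweet_checked(g, sender, text, channel="web"):
    """Hardened design: commands are read only from a dedicated channel
    (hypothetical "sms-command") and must match a pending follow request."""
    cmd = parse_command(text)
    if cmd and channel == "sms-command":
        request = (cmd[1], sender)
        if request not in g.pending:
            return "rejected"            # nobody asked to follow the sender
        g.pending.discard(request)
        g.follows.add(request)
        return "command"
    g.timeline.append((sender, text))    # ordinary text is published, never executed
    return "tweet"


if __name__ == "__main__":
    g = Graph()  # constructed sample users: alice, bob
    print(handle_tweet_unchecked(g, "alice", "accept bob"), g.follows)
    h = Graph()
    print(handle_tweet_checked(h, "alice", "accept bob"), h.follows, h.timeline)
```

In the checked handler a web tweet that happens to start with "accept" (the music-group case mentioned in the thread) is published as an ordinary tweet.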
by mrduncan on 5/10/10, 4:54 PM
They appear to be working on some sort of fix right now.
If you look at "following" lists, everything is showing up as zero for me right now, as in it shows that I'm not following anyone. All other users that I check are also showing that they aren't following anyone.
by blizkreeg on 5/10/10, 7:13 PM
Oooo approaching 2012 ;) Louisiana oil spill. Massive Twitter bug. Sticky finger Dow collapse. Facebook losing its privacy mojo.
And to top it off, one line of code I checked in late last night prevented 200 new users from signing up on my freshly minted site.
by mtinkerhess on 5/10/10, 4:53 PM
It appears that they just wiped everyone's list of followers? My feed still works though.
by orblivion on 5/10/10, 4:55 PM
This is up there with putting everybody in a root terminal by default on their Androids.
by lukeqsee on 5/10/10, 4:57 PM
Everyone shows 0 followers, but your stream still shows those you follow. Interesting.
by RyanMcGreal on 5/10/10, 5:49 PM
by araneae on 5/11/10, 5:54 AM
Exploit is fixed, and follower lists are rolled back, but they didn't do a perfect job...
Felicia Day is still following me. ^-^
by shrikant on 5/10/10, 5:25 PM
Link doesn't work - does a server hammering lead to a 404? I didn't know it could...
by goldham on 5/10/10, 6:38 PM
I would not want to be in the Twitter offices today. Good day to call in sick.
by dmn001 on 5/10/10, 4:52 PM
Is it broken now? Both followers and follow count is 0 now?!
by jeiting on 5/10/10, 4:54 PM
Now I am getting a 502 when I try to post accept messages.
by maxklein on 5/10/10, 4:50 PM
Okay, all followers of everyone just dropped to 0...
by yigit on 5/10/10, 5:22 PM
by CoryMathews on 5/10/10, 4:53 PM
Wow they fixed that really fast.
by lukejduncan on 5/10/10, 4:22 PM
mirror?
by acangiano on 5/10/10, 4:58 PM
EDIT: My original message invited people not to try this. It turns out that everyone's counter is showing zero followers, regardless of whether you tried the hack or not. Thanks Travis for pointing this out. I was misled by my desktop client which cached my follower number.