Twitter Exploit – User Was Able To Register @hOME

Monday, July 6th, 2009 | Hack, Twitter, Unusual

I did a google search for ‘twitter’ the other day and the strangest result showed up as #2. Look at the way home was spelled = hOME….
That was odd for a number of reasons, the biggest being that the URL alias for your profile page (if you’re logged in to your twitter account) is www.twitter.com/home. Twitter has never (to the best of my knowledge) been caps sensitive, meaning that if you registered your username as @tonythetiger, you could capitalize it in any way, shape or form and it will still always take you to the same page.

BUT! If you go visit that url ( twitter.com/hOME), you’ll find that it’s a dormant account that just so happens to have 28k+ followers! Now just for comparison go and try to visit twitter.com/home. See what I’m talking about! It takes you to either your profile page or the main twitter.com homepage!

Here’s another oddity about this account – 95% of @hOME’s followers joined twitter.com on one of two days. Strange coincidence don’t you think?

So what I’m guessing happened was a potential spammer discovered that twitter allowed him to register @hOME so he loaded up 28k of new twitter accounts to make it look like it was a popular user. What happened after that is anybody’s guess, the twitter account has 0 tweets and isn’t following anyone back. If you know anything about this account, please tell us more!

No comments yet.