Twitter was hit by a bug last night that saw high-profile tweeters forced into following users.
BBC News reported that the bug permitted a user to 'force' other users to follow them: typing 'accept' followed by a person's Twitter name forced that person to be added to the user's list of followers.
It said the hack was quickly passed around the social network, with many people using it to force celebrities to follow them, and claimed that it could easily have allowed spammers to insert messages into thousands of accounts.
The flaw worked only on the website, not through third-party software used to access the service. Typing 'accept @stephenfry', for example, would make it appear that Fry had chosen to follow the user and would also inject the user's tweets into his feed.
In an update, Twitter said it was working to roll back all abuse of the bug that took place. As a result, follower/following numbers were set to zero, and it warned that users who found they were following people they had not chosen to follow could block or 'unfollow' them.
At around 2.30am this morning Twitter said that it had finished its 'cleanup of the spurious followings generated as a result of this bug'.
Sean-Paul Correll, threat researcher and security evangelist at Panda Security, commented that he had seen his follower count move from over 5,500 followers to zero instantaneously between reloads. He placed the blame on a Turkish hacker, claiming that the bug was first discovered on a Turkish website.
He said: “It's still a bit unclear as to who this Turkish hacker is, although it may be safe to assume that one of the now suspended accounts (@borakrc) in the above Turkish blog is him.”