It’s not clear if this is a one-off glitch, a signal of a bigger issue — or a way of pumping up/sabotaging Klout scores for those who care. But it’s not great news any way you spin it, if it’s true: a Klout user has gotten in touch to say that when he accesses the social influence ratings service, he is getting signed in to Klout not as himself but as someone else.
Using an HTC Sensation device running the Ice Cream Sandwich version of Android, IT consultant Halil Kabaca,of Istanbul, Turkey-based Novarum Consulting, tells us that when he goes on to Klout via the phone’s mobile browser, he is being signed in automatically as someone completely different — someone he doesn’t know at all who happens to work for Adobe in business development (see screenshots of Kabaca’s and the other guy’s profiles after the break).
It appears that Kabaca has full access to the other guy’s account, including direct messages, the ability to add influencers, and change all other account information. The access, he says, only happens on mobile, and not on his PC.
Kabaca tells us he uses Klout almost every day from his phone and this is the first time he has seen this happen. “Even if it’s a minor bug, it is very discouraging to use the service,” he said.
As of this writing he says he can still access the other user’s profile, “And I am wondering if anyone is seeing mine.”
Even if this is a one-off glitch, the news is not brilliant, as it comes at the same time that Klout has been sharpening its focus on mobile. In February, it acquired mobile/location startup Blockboard to enhance its mobile services; in April, it released a new iPhone app; and earlier this month, it kicked off with some eye-catching promotions — Perks in Klout-world — with companies to show off how effective those new mobile products can be. A recent one we covered was Klout’s link-up with Cathay Pacific, where users with high Klout scores could flash their status, via the mobile app, to get access to Cathay Pacific’s executive lounge in San Francisco Airport.
Because of the emphasis on sharing information about yourself, social networks — more than other internet services — have been served a pretty big dose of privacy scrutiny. Klout is no different. In November the site was criticized for how it created shadow profiles of people who are not even users.
Klout is not the only social media site that has suddenly seen identity loopholes appear. In March, Twitter had to take TweetDeck offline after one user suddenly found he had access to hundreds of accounts, both on Twitter and Facebook, using the client.
We have contacted Klout, and the other user, to see if they can comment on this development and will update as we learn more.
Update: The other user has come back to us to confirm that his account has been changed around by someone — with a new contact email (the one put in by Kabaca to test the loophole).