Who Is Johng77536 And How Did He Game Twitter?

One of the reasons Twitter is such a useful platform for publishing is that it is largely spam-free – you only receive messages from people you choose to follow. So even though a large number of spammy accounts have appeared on the service, the only real damage they do is when they trick people into following them (a lot of people just auto-follow whoever follows them as a courtesy).

Recently Twitter has tried to raise the bar even higher by removing accounts that appear to be trying to game the system. A lot of spammy accounts are just being deleted.

But what happens if someone finds a way to get others to follow them by exploiting some vulnerability in Twitter? The service would be overrun with spam overnight.

That appears to have happened today – I, along with 7,000+ other people, am now following user johng77536, even though I never hit the follow button (the account is following zero other users). The account, which is just two hours old, is now one of the top 100 Twitter accounts (it is currently #63) and growing fast. There are two posts in the account, both linking to a site called hotmoda.com.

This is the first time we’ve heard about Twitter being exploited in this way. Our guess is they found a vulnerability in the API and are going to push this for all it’s worth before being shut down. We’ll see how quickly Twitter responds.

We did a search for the username and came up with this link, where a user with the same name purports to be John and/or Lena Granger (who may well have nothing to do with this).

Update: Per the comments below, it looks like the vulnerability is being used for at least one other account, which links off to the same hotmoda site.