It's been a Monday of social-media security embarrassments: Twitter has confirmed the existence of a bug that can force one user to follow another.
The bug appears to have been first noticed by a Turkish blog and then by the blog Webrazzi, which successfully tested it and forced the Twitter accounts of industry luminaries like Facebook founder Mark Zuckerberg and Twitter CEO Evan Williams to follow a dummy profile. In essence, the flaw let members add followers to their own accounts by tweeting "accept" followed by "@" and any given Twitter user name.
Twitter spokesman Sean Garrett told CNET that the bug is "unfortunately" real, and that "we're focused on fixing it now (and) hope to know a lot more about the specifics once that's done."
As a result, it's not yet clear how long the bug had existed or whether it could give Twitter users access to the contents of "protected" accounts, in which all tweets are private.
Update at 9:53 a.m. PDT: Gizmodo notes that this only worked in Twitter's Web interface, not on third-party apps. Meanwhile, I forced Ashton Kutcher to follow me--but a moment later, Twitter appeared to have delved into the issue and had reset follower and following number counts to 0. Temporarily, we can only hope!
Update at 10:19 a.m. PDT: "We're now working to rollback all abuse of the bug that took place. Follower/following numbers are currently at 0; we're aware and this too should shortly be resolved," Twitter has posted on its status blog. (Farewell, Ashton!)