The simple act of reading tweets on twitter.com could let somebody steal your login cookie and potentially gain access to your Twitter account, or simply redirect you to a phishing site, etc.
The code is also said to be able to delete all your Twitter messages or send a message to all your followers.
James Slater has already made Twitter aware of the problem, but so far Twitter apparently hasn’t done anything other than make sure it’s not possible to write a space in the “API field”. I doubt how effective that really is. He therefore urges you to only follow people you know, and not just because they follow you.
In this video, James Slater demonstrates a bit about how it works: