0
X automatically changed 'Twitter' to 'X' in users' posts, breaking legit URLs

X automatically changed 'Twitter' to 'X' in users' posts, breaking legit URLs

It can be easy to forget at times, but technically, Twitter is no more.

Elon Musk Changed company name to “X”. last summer. Yes, Musk's X main domain name is still Twitter.com. Yes, there are several official pages on the platform where the company still refers to it as “Twitter”. Yes, most people still call it “Twitter”. But, Musk's social media platform is officially called X.

On Monday, X appears to have tried to encourage users to stop referring to it as Twitter and adopt the name X instead. Consumers It started Notes That posts saw were for iOS through X. to change anyone references “Twitter.com” to “X.com” automatically.

X user @___frye posted “Twitter .com” but it appears as “X .com” on X's app for iOS.
Credit: Mashable Screenshot

X's Twitter.com problem

Yes, you read that right. If a user types in “Twitter.com” they will see “Twitter.com” as they typed before hitting “post”. But, after submission, the platform will display “X.com” in its place on the X for iOS app, without the user's permission, to anyone who sees the post.

And soon after that revelation, it became clear that there was another big problem: X was changing. anything From “Twitter.com” ending in “X.com”.

Following publication of this piece, here's how a post currently appears on X's website:

Post by X user @Arcticstar0 on X for Web

@Arcticstar0's post here looks like X's website.
Credit: Mashable Screenshot

Here's how the same post currently looks on iOS for X:

X User @Arcticstar0's post on X for iOS

Here's how the same @Arcticstar0 post looks on X's app for iOS.
Credit: Mashable Screenshot

Why is this a big deal?

Suppose someone owns the domain name “NetfliTwitter.com”. Why would they own this domain name? Because if X is automatically replacing anything that contains “Twitter.com” with “X.com”, that means posting “NetfliTwitter.com” on X will result in these posts being ” will appear as “Netflix.com”, the popular movie streaming service. . And if a user clicks on the linked “Netflix.com” text that appears in this post, it will indeed take them to “NetfliTwitter.com.” Because when X is changing the text the user wrote, the URL it links to and directs to remains the same as the user posted.

This is a dream scenario for someone who wants to steal passwords through phishing campaigns.

Post by X user @luzfic

An example of X changing “NetfliTwitter .com” to “Netflix .com”.
Credit: Mashable Screenshot

The example I just presented is not even hypothetical. Some users on X noticed this issue and realized that it could be increasingly exploited by scammers, hackers and other bad actors. X user @yuyu0127_ immediately registered the domain name “NetfliTwitter.com” to prevent it from being weaponized and put up a warning page on the URL about potential problems with X's changes.

“This domain has been acquired to prevent its use for malicious purposes,” reads the headline text on NetfliTwitter.com.

Setwaiter.com problem

A user tried to post “setwitter .com” and Twitter changed the text to “sex .com”.
Credit: @___frye

Another domain name “seTwitter.com” was also registered as it could be exploited as X would then change the URL. saw On the “sex.com” platform. X user, @amasato_mochi, who registered the domain name, also put up a warning page to highlight the issue.

“Please be very careful not to access suspicious URLs,” reads seTwitter.com. “I will hold this domain for a year to avoid any damage.”

According to some users, the change implemented by X also affected old posts. Meaning any instance where someone previously tweeted “Twitter.com” was being retroactively changed to “X.com”.

X eventually realized the problem and released a patch later that day for some of the domains affected by the change. For example “Netflitwitter.com” no longer appears as “Netflix.com”.

However, Mashable can confirm that the X for iOS app is currently on hold. to change Many other references to “X.com” from “Twitter.com”. In one instance we found that the conversion was happening when “Twitter.com” was being used in a subdomain for another URL.

It's unclear if this version of the problem will also eventually be patched. It certainly seems like a bad idea to change the text in a user's post without their permission. Regardless, this whole ordeal is certainly a notable stumble for X, especially since Elon Musk's social media platform itself still forwards “X.com” to “Twitter.com.”

About the Author

Leave a Reply