Redirect from Twitter to X: phishing risk. Here’s what happened

When Elon Musk decided to buy Twitter, he immediately thought about renaming the platform to X. In 1999, in fact, the South African entrepreneur, who also holds Canadian citizenship and is a naturalized US citizen, founded, a banking services site which later became the basis for the birth of PayPal. The X symbol is also used by SpaceX, the aerospace company founded by Musk, and in xAI, a new company developing artificial intelligence solutions.

The X symbol is therefore important for Musk because it embodies the idea of an all-encompassing project, an interactive platform that includes audio, video, messaging, payments and other features. The name change of Twitter is part of a broader plan to transform the social network into a more complete solution, capable of going well beyond the features we all know.

Redirect from Twitter to X: The company slips on a banana peel

Today, typing in the address bar of your web browser you are automatically redirected to Twitter. A couple of days ago, however, the systems engineers of X Corporation, founded in 2023 and owner of Twitter, made a very serious mistake: an oversight that looks like a beginner's error and could have opened the door to effective phishing activity. The reason is easily explained.

Twitter had activated the redirect to X within posts: basically, typing a twitter.com URL, the user’s browser was redirected to the “new” domain name

On the surface, everything is fine, right? Only on the surface, because many immediately noticed a huge mistake made by the administrators. For any domain name that ended with twitter.com, this string was replaced with Think, for example, of the domain fedetwitter[.]com: the rule set on the server side by X Corporation transformed this domain into (in this case corresponding to the well-known transport company specializing in express shipments).

An attacker could thus create convincing posts on was automatically converted to by replacing that part of the URL with

Problem corrected but… what an oversight!

The mistake made by X’s technicians had the potential to divert traffic from legitimate sites and brands, effectively encouraging the proliferation of fraudulent activities online.

Due to its serious implications, the incident caused a stir, and Elon Musk’s company immediately intervened to remedy the problem. Many domain names have since been registered for defensive purposes or to demonstrate the potential of the problem introduced by

Think, for example, of the domain netflitwitter.com, registered to prevent any abuse of the properties and services of the well-known streaming platform Netflix.

Following what happened, it is easy to hypothesize that the X technicians used regular expressions incorrectly, allowing unwanted redirects within the posts published on the social network.
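The kind of rule hypothesized above, next to a host-aware version that rewrites only when the parsed host is twitter.com or one of its subdomains. This is an added example, not X Corporation's code: the regular expression, the function names and the use of x.com as the replacement domain are assumptions, and the sample posts are constructed.

```python
import re
from urllib.parse import urlsplit

OLD = "twitter.com"   # domain named in the article
NEW = "x.com"         # assumption: the replacement domain

def naive_rewrite(post: str) -> str:
    """Flawed rule: swaps the string wherever it occurs, even inside another host."""
    return re.sub(r"twitter\.com", NEW, post)

_TOKEN = re.compile(r"[^\s<>\"'()]+")                 # whitespace-delimited candidates
_SCHEME = re.compile(r"https?://", re.IGNORECASE)

def _rewrite_token(token: str) -> str:
    scheme = _SCHEME.match(token)
    try:
        # "//" makes urlsplit treat a bare "host/path" token as an authority
        parts = urlsplit(token if scheme else "//" + token)
        host = parts.hostname or ""                   # lower-cased by urlsplit
        has_userinfo = parts.username is not None
    except ValueError:                                # malformed authority: leave as is
        return token
    bare = host.rstrip(".")                           # tolerate a sentence-ending dot
    # Rewrite only an exact match or a true subdomain; skip user@host forms
    if has_userinfo or not (bare == OLD or bare.endswith("." + OLD)):
        return token
    start = scheme.end() if scheme else 0             # host starts right after the scheme
    end = start + len(bare)
    # Swap only the domain suffix of the host; path and query stay untouched
    return token[:end - len(OLD)] + NEW + token[end:]

def safe_rewrite(post: str) -> str:
    """Rewrite each token only if its parsed host belongs to OLD."""
    return _TOKEN.sub(lambda m: _rewrite_token(m.group(0)), post)

if __name__ == "__main__":
    samples = [                                       # constructed sample posts
        "Track it at fedetwitter.com today",
        "Watch on netflitwitter.com",
        "see https://twitter.com/user and mobile.twitter.com.",
        "https://twitter.com.evil.example/login",
    ]
    for s in samples:
        print(f"{s!r}\n  naive: {naive_rewrite(s)!r}\n  safe:  {safe_rewrite(s)!r}")
```

The naive rule turns the first two samples into other brands' domains, while the host-aware version leaves them alone and still rewrites genuine twitter.com links.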
