A recent update from Elon Musk’s social media platform resulted in a serious security issue. The platform, referred to as X, automatically changed any mention of “Twitter.com” in URLs to “X.com” in Xeets. This caused confusion and potential security risks for users as legitimate URLs were altered.
Users quickly noticed that this change allowed for the easy promotion of potentially malicious websites. Posting a link to “netflitwitter[.]com” would appear as “Netflix.com” on the platform, but would actually direct users to the original fake link. This could have led to phishing attempts, credential theft, or the distribution of malware.
Although the issue has since been fixed, X has not publicly addressed the mistake. The timeline of how long the error persisted is unclear, but it was reportedly live for at least nine hours. The platform’s automatic change of Twitter.com to X.com in URLs seems to still be in effect, with the exception of all-caps domains.
This incident highlights a significant oversight by X developers and raises concerns about the platform’s security measures. Despite the fix, the potential for abuse in similar situations remains a possibility.
