This evening, in a strange situation, Twitter and Facebook users, apparently in Pakistan only and even then on PTCL only (updates suggest Micronet customers too), were able to log in to random accounts with complete access to and control over other people’s Twitter and Facebook accounts.
The problem was identified with the web interfaces (and not the APIs): those who tried to log in with their own username/password were randomly redirected to other users’ accounts. They could read the messages and DMs and could follow other users, meaning complete control over someone else’s account.
This happened with Ufone too: someone logged in to their account and started tweeting unknown URLs, but that happened 2 days ago!
We are not sure, nor were we able to get an official version on this from PTCL, but it looks like the problem is related to an internet gateway connectivity glitch, or maybe to cookies being mishandled and misdirected at PTCL’s end.
We earlier had a similar problem with Warid GPRS, which used to allow random logins for Facebook Mobile users.
We have seen such instances in the past too; for example, a similar sort of bug appeared for AT&T users in January 2010, which later got fixed.
On a similar note, the ISPs concerned must address the problem at the earliest, or otherwise the world will be doomed earlier than scheduled. Users, meanwhile, must understand that nothing in the cyber-world is secure, so be careful when you send/share/save files on email/social media/internet.
Update: The problem is widening as more users are now complaining of the same issue. We were able to get the following screenshot from a ProPakistani reader, who logged in with this known account, with access to private messages, chat, images and videos. We are not posting a snapshot of the private messages (for obvious reasons).
Update: Facebook has apparently blocked PTCL’s IP range, leaving all PTCL customers with the following message: