Application With OpenSocial API Hacked

Hmm. A couple days after I picked up the story on the “our little secret” error messages in Plaxo, they resurface. Google released the OpenSocial application this week which “provides a common set of APIs for social applications across multiple websites. With standard JavaScript and HTML, developers can create apps that access a social network’s friends and update feeds.”

Well, if that isn’t like waving a red flag in front of a bull I don’t know what is. Plaxo was the first application out of the gate to leverage the new API. And within 45 minutes…it was hacked.

From Tech Crunch:

A developer who goes by the alias “theharmonyguy” and describes himself as “just an amateur” claims to have compromised the RockYou OpenSocial application on Plaxo called emote (see the Plaxo blog for details on the application). Specifically, he claims to have added a number of emoticons to Plaxo VP Marketing John McCrea’s profile within 45 minutes of it launching.

In an email, McCrea said he added all of the emoticons himself and his account doesn’t appear to be hacked. But when I asked theharmonyguy to hack my Plaxo account he did, within minutes, adding four quick emoticon messages such as “michael arrington is getting my bling on” and “michael arrington is w00t”.

If you build it, they will hack it.

Article Link

[tags]OpenSocial App Hacked, Plaxo, Google API, Google OpenSocial[/tags]