A hacker has claimed to have hacked the first of Google’s OpenSocial application on Plaxo –“emote” — within 45 minutes of its launch.
The hacker, who goes by the alias “theharmonyguy,” said that he has added a number of emoticons to Plaxo VP Marketing John McCrea’s profile. He also claimed to have hacked a number of Facebook applications including the Superpoke app.
In an email to Michael Arrington of TechCrunch, McCrea initially denied the hacker’s claims saying that his account didn’t appear to be hacked. But later he spotted and acknowledged that there were foreign changes made to his account.
By Arrington’s request, theharmonyguy demonstrated his hack technique by adding four quick emoticon messages in a very short span of time to Arrington’s Plaxo account.
theharmonyguy also pointed out some weakness of the application’s code.
Joseph Smarr, Plaxo’s Chief Platform Architect has taken the application down as they are now de-whitle-listing the app.
While it is expected that new platform has a lot of weakness waiting to be discover, the ease in which this was done raise some security concern. Platforms are said to be hackers’ favorite targets, especially the new ones.