OpenSocial, the attempt by Google and the tens of other social networks, has been hacked twice within a few days. The first OpenSocial application to be hacked was the RockYou application on Plaxo called emote. Now, it seems the same hacker has compromised another OpenSocial application on Ning called iLike.
The hacker claims to be able to add and remove songs from user’s playlists. According to TechCrunch, you can “Give him a Ning username and he can give you details on their friends: relationship to user, last date of update, photo, profile creation date and part of their email address.” He’s even setup a blog which goes into the kind of “social hacking” that he does.
Is this foreshadowing of Google’s crash and burn with OpenSocial? I don’t think so, but it is a bad start. To take down Facebook, things are going to have to run a lot smoother. The worst part is the hacker claims to be an “amateur”. If this is true, I’d hate to see what a “pro” could do. Part of me can’t help but think this is what happens when you try to rush something out the door too quickly. I think it can be said that this is what happened with Google’s OpenSocial. It will be interesting to see what happens over the next few weeks and if any other vulnerabilities can be found.
