X gets a grave lesson on why search and replace is a bad idea

  • Earlier this week X nearly caused a cybersecurity catastrophe as it transitions away from Twitter.
  • The website began replacing URLs that end in with allowing ne’er-do-wells to sneak malicious URLs into tweets.
  • Cybersecurity expert Brian Krebs reports many domains, similar to, were registered before X reverted the change.

While the “search and replace” function can be handy, it has to be used with care. For example, if you want to replace every instance of “grand” with “great”, you had best hope the word “aggrandise” doesn’t become “aggreatise”.

Elon Musk’s X learned this lesson the hard way this week when it started to replace URLs that end in with The change was only live for users on iOS, and it was quickly reverted once people realised it could be abused.

“On April 9, Twitter/X began automatically modifying links that mention “” to read “” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as in tweets,” writes security researcher Brian Krebs.

The cybersecurity expert wrote on his blog that at least 60 domain names were registered over two days that end with Thankfully, many of those names were registered defensively and contained warnings for users.

Essentially, by abusing this rewrite rule, an attacker could make a user believe they are heading to when they are in fact being sent to

The potential for abuse here was massive but thankfully, X reverted the change and stopped replacing URLs that end with
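The root cause described above is a substring match with no notion of where a hostname begins. As an added example (not code from the article, from Krebs, or from X), the Python below contrasts the blind substring replacement with a rewrite that parses each URL and checks the hostname boundary before touching it. The legacy and replacement hostnames (twitter.com and x.com) and the post text are assumptions constructed for this example; fedetwitter.com is the lookalike domain Krebs cites above.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed for this example: the legacy host being retired and its replacement.
OLD_HOST = "twitter.com"
NEW_HOST = "x.com"

# Rough matcher for http(s) URLs embedded in free text (stops at whitespace/quotes).
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def naive_rewrite(text: str) -> str:
    """Blind substring replacement: rewrites any text that merely contains OLD_HOST,
    including unrelated domains such as fedetwitter.com."""
    return text.replace(OLD_HOST, NEW_HOST)


def _replace_netloc_host(parts, new_host: str) -> str:
    """Rebuild the URL with a new hostname, preserving port and userinfo."""
    netloc = new_host
    if parts.port is not None:
        netloc += f":{parts.port}"
    if parts.username is not None:
        cred = parts.username
        if parts.password is not None:
            cred += f":{parts.password}"
        netloc = f"{cred}@{netloc}"
    return urlunsplit(parts._replace(netloc=netloc))


def rewrite_url(url: str) -> str:
    """Rewrite a single URL only when its hostname *is* OLD_HOST or a subdomain
    of it. A hostname that just ends with the same letters (fedetwitter.com) or
    that uses OLD_HOST as a prefix (twitter.com.evil.example) is left alone."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == OLD_HOST:
        return _replace_netloc_host(parts, NEW_HOST)
    if host.endswith("." + OLD_HOST):
        # Keep the subdomain label(s), swap only the registrable part.
        return _replace_netloc_host(parts, host[: -len(OLD_HOST)] + NEW_HOST)
    return url


def safe_rewrite(text: str) -> str:
    """Rewrite every URL in a block of text using the hostname-aware rule."""
    return URL_RE.sub(lambda m: rewrite_url(m.group(0)), text)


if __name__ == "__main__":
    # Constructed sample post containing a legitimate link and a lookalike.
    post = "Track it at https://fedetwitter.com/login or ask https://twitter.com/support"
    print("naive:", naive_rewrite(post))
    print("safe: ", safe_rewrite(post))
```

Running it shows the naive version turning the lookalike into a link that reads fedex.com while the hostname-aware version leaves it untouched and still rewrites the genuine twitter.com link. The check is deliberately against the parsed hostname rather than the raw string, which is the distinction the search-and-replace approach lacked.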

We suspect that Musk is growing weary of seeing twitter in replies, quotes and elsewhere, and ordered the engineering team to solve the problem quickly.

The transition to X from Twitter has been ham-fisted, to say the least. While Musk hopes to make X an everything app where people make calls, complete financial transactions and more, the site still struggles to get the most minor things right. Hell, Musk himself still calls it Twitter, illustrating just how much of a legacy the billionaire erased because of his obsession with a single letter.

The website also still sends automated emails from, as Ars Technica discovered while seeking commentary from X. You can also find the Twitter URL, logos and more in rarely visited parts of the site.

We can’t wait to see what misstep X makes next.

[Image – Kelly Sikkema on Unsplash]
