Feedburner under fire for easy hacking of subscription counters

On Monday Joop Dorresteijn, contributing editor at The Next Web, unveiled a vulnerability in Google-owned feed tracking service Feedburner that lets anyone with some basic copy and paste skills and a Netvibes account pump up their blog subscriber numbers into the hundreds of thousands.

The "hack" is a two step affair, involving first tweaking an OPML file that lists your subscriptions, then subscribing to said feed in a simple feed-aggregation tool like Netvibes or My Yahoo. The data will then be fed through Feedburner's counters overnight, with the freshly increased numbers showing up the next morning.

Google is likely to fix the loophole by changing the way subscriptions are counted, either by tracking it on a per-service basis or using a more extensive security system that links up each subscription to a central account system. In the meantime the easiest way to spot blogs that have done this will likely be to keep an eye on abnormally large influxes of subscriptions within a 24-hour period.

You can see a video of how to do this with your own blog below, just keep in mind Google is likely to patch this shortly, although it has yet to acknowledge the vulnerability in the company's Feedburner product blog.