Feedburner under fire for easy hacking of subscription counters

Want to boost your Feedburner stats? There's a new loophole that lets you do it in about 10 minutes.

Josh Lowensohn Former Senior Writer
Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.
Josh Lowensohn

On Monday Joop Dorresteijn, contributing editor at The Next Web, unveiled a vulnerability in Google-owned feed tracking service Feedburner that lets anyone with some basic copy and paste skills and a Netvibes account pump up their blog subscriber numbers into the hundreds of thousands.

The "hack" is a two step affair, involving first tweaking an OPML file that lists your subscriptions, then subscribing to said feed in a simple feed-aggregation tool like Netvibes or My Yahoo. The data will then be fed through Feedburner's counters overnight, with the freshly increased numbers showing up the next morning.

Google is likely to fix the loophole by changing the way subscriptions are counted, either by tracking it on a per-service basis or using a more extensive security system that links up each subscription to a central account system. In the meantime the easiest way to spot blogs that have done this will likely be to keep an eye on abnormally large influxes of subscriptions within a 24-hour period.

You can see a video of how to do this with your own blog below, just keep in mind Google is likely to patch this shortly, although it has yet to acknowledge the vulnerability in the company's Feedburner product blog.

Feedburner hacked! from Boris Veldhuijzen van Zanten on Vimeo.