X automatically changed ‘Twitter’ to ‘X’ in domain names, breaking legit URLs

It might be easy to forget at times, but technically, Twitter is no more. 

Elon Musk changed the name of the company to “X” last summer. Yes, the main domain name for Musk’s X is still Twitter.com. Yes, there are multiple official pages on the platform where the company still refers to it as “Twitter.” Yes, most people still call it “Twitter.” But, Musk’s social media platform is officially called X.

On Monday, it appears X attempted to encourage users to cease referring to it as Twitter and instead adopt the name X. Some users began noticing that posts viewed via X for iOS were changing any references of “Twitter.com” to “X.com” automatically.  

X user @___frye posted “Twitter .com” but on X’s app for iOS it shows as “X .com”
Credit: Mashable Screenshot

X’s Twitter dot com problem

Yes, you read that correctly. If a user typed in “Twitter.com,” they would see “Twitter.com” as they typed it before hitting “Post.” But, after submitting, the platform would show “X.com” in its place on the X for iOS app, without the user’s permission, for everyone viewing the post.

And shortly after this revelation, it became clear that there was another big issue: X was changing anything ending in “Twitter.com” to “X.com.”

As of publication of this piece, here’s how one post currently shows up on X’s website:

Here’s how @Arcticstar0’s post looks like X’s website.
Credit: Mashable Screenshot

Here’s how the same post currently looks on X for iOS:

Here’s how the same @Arcticstar0 post looks like on X’s app for iOS.
Credit: Mashable Screenshot

Why this is a big deal

Let’s say someone owns the domain name “NetfliTwitter.com.” Why would they own that domain name? Because if X is automatically changing anything that includes “Twitter.com” to “X.com,” then that means posting “NetfliTwitter.com” on X would make it appear in posts as “Netflix.com,” the popular movie streaming service. And if a user clicked the linked “Netflix.com” text that appears in that post, it would really take them to “NetfliTwitter.com.” Because while X is changing the text that the user wrote, the URL it links and directs to remains the same as the user posted.

This is a dream scenario for someone looking to steal passwords through phishing campaigns.

An example of X changing “NetfliTwitter .com” to “Netflix .com”
Credit: Mashable screenshot

The example I just provided isn’t a hypothetical either. Some users on X noticed this very problem and found that it could quickly be utilized by scammers, hackers, and other bad actors. X user @yuyu0127_ quickly registered the domain name “NetfliTwitter.com” in order to prevent it from being weaponized and put up a warning page on the URL about the potential issues in X’s changes.

“This domain has been acquired to prevent its use for malicious purposes,” reads the headline text on “NetfliTwitter.com.”

One user tried to post “setwitter .com” and Twitter changed the text to “sex .com.”
Credit: @___frye

Another domain name “seTwitter.com” was also registered due to its potential to be exploited as X would then change how the URL is viewed on the platform to “sex.com.” The X user, @amasato_mochi, who registered that domain name, also put up a warning page in order to put a spotlight on the issue.

“Please be very careful not to access suspicious URLs,” reads seTwitter.com. “I will hold onto this domain for a year to prevent any harm.”


Tweet may have been deleted

According to some users, the change implemented by X also affected older posts. Meaning any instance where someone previously tweeted “Twitter.com” was being changed retroactively to “X.com.”

X eventually realized the issue and rolled out a patch later that same day for some of the domains affected by this change. “Netflitwitter.com” no longer shows up as “Netflix.com” for example.

However, Mashable can confirm that the X for iOS app is currently still changing many other references of “Twitter.com” to “X.com.” We noticed that in one instance we found, the change was happening when “Twitter.com” was being used in a subdomain for another URL.

It’s unclear if this version of the issue will eventually be patched too. It certainly seems like a bad idea to change the text in a user’s post without their permission. Regardless, the whole ordeal is certainly a remarkable stumble for X, especially when Elon Musk’s social media platform itself still forwards “X.com” to “Twitter.com.”