Elon Musk’s rebranding of Twitter to X encountered a significant hurdle this week when the social network’s attempt to automatically replace “twitter.com” links with “x.com” backfired. Security expert Brian Krebs called the system “a gift to phishers,” allowing hackers to make links to malicious sites look safe.

Ars Technica reports that in a move that security reporter Brian Krebs called “a gift to phishers,” X’s iOS app started changing any URL ending in “twitter.com”  in tweets to “x.com,” even if the link wasn’t actually a twitter.com link. This glitch opened up the possibility for scammers to register domain names like “netflitwitter.com,” which would appear as “netflix.com” in posts on X but lead users to a potentially malicious site when clicked.

Elon Musk’s X logo for Twitter (Anadolu Agency/Getty)

According to DomainTools.com, at least 60 domain names ending in “twitter.com” were registered in the two days following the change, although most appear to have been acquired defensively by private individuals to prevent misuse by scammers. One such domain, netflitwitter.com, was registered by X/Twitter user @yuyu0127_ to demonstrate the potential risks. Visiting the site displays a message warning users about the possibility of the feature being exploited by acquiring domains containing “twitter.com” to lead users to malicious pages.

Sean McNee, VP of research and data at DomainTools, warned that “bad actors could register domains as a way to divert traffic from legitimate sites or brands given the opportunity—many such brands in the top million domains end in x, such as webex, hbomax, xerox, xbox, and more.”

While X/Twitter had initially fixed the problem for some affected domains, Mashable reported that the iOS app was still changing many other references of “twitter.com” to “x.com” as of Tuesday. However, it appears that X has now corrected the text replacement to only change the appearance of actual twitter.com links.

Despite this fix, the transition from Twitter to X remains woefully incomplete. Typing x.com into a browser still redirects to twitter.com, and even the company’s media contact email, press@x.com, generates an auto-reply from a twitter.com address.

Read more at Ars Technica here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.