Foursquare Hacked by TechCrunch Editor Michael Arrington (UPDATED)

UPDATE – Foursquare’s response is now at the bottom

Becoming “mayor” of a location is the most coveted status in Foursquare. To win this honor you have to check in to a location more than anyone else, and to do that you actually have to go there, since Foursquare won’t let you check in remotely. But last night Techcrunch editor Michael Arrington punked Foursquare‘s API and made himself mayor of Facebook and Twitter headquarters, all without ever leaving his office.

“A mischievous hacker friend of mine stepped in with a small script that he wrote that will check me in to any venue at all via the Foursquare API,” Arrington wrote in a post on TechCrunch. “That means I don’t have to spend time finding friends already where I want to be, and since we’re using the API we can easily fake out the “you’re not actually there” problem.”

Obviously Foursquare has a problem if their check in system can be gamed in this way. A big part of Foursquare’s appeal is competing with friends and regulars to win the mayorship of your favorite venues. In the comments below Arrington’s post, several other users claim to be cheating the system.

“I got my account reset for doing this, but I was up to about 400 mayorships here in Atlanta before they caught on,” says Tim Dorr, a programer and web designer. Dorr says that before, this was just for laughs, but now that they have reset his account, he is going after their business model.

“I’m going to build a more complex script that simulates human behavior more correctly (being aware of travel times, waking hours in the day, perturbations in the location of a checkin, and other factors) and then go after locations that offer Mayors a special.” If businesses that are offering deals find out they are rewarding hackers and not repeat customers, they may decide Foursquare isn’t worth using.

This kind of virtual tourism has been going on for quite some time. Stories about Foursquare users cheating the system first hit the mainstream media back in February, 2010.

Update – We just got a response from Foursquare’s PR team saying that, “To be 100% clear, our API was definitely not hacked.” Arrington gamed the system, but he didn’t hack in and change the Foursquare API in any way. “We have an API so people can build cool apps on top of foursquare. We encourage developers to pass along real locations when they check people in, though there is no technical way to verify that piece of data. in this case, this developer was using the API, but was passing on fake lat-longs [locations].”

Dennis Crowley wrote a post back in February that addressed the issue of fake check ins. “At foursquare, I think we still have some thinking to do on this. We do see a lot of fake checkins (yes, we log and flag them… i think 2-3% of total checkins were “fake” last time we checked) and there are a few bad apples that like to steal mayorships from their couch. We’ve been punting on addressing this because it requires removing some of the magic from foursquare (mayors, points, badges) for users with non-GPS phones.”




Foursquare Hacked by TechCrunch Editor Michael Arrington (UPDATED)