In 2005, security researcher Samy Kamkar found a security vulnerability in the then-popular social network Myspace (if you’ve been around long enough, you might remember that service). He managed to inject JavaScript code into his profile page, a classical cross-site scripting (XSS) attack (explained in chapter 2). The JavaScript code, however, did something really interesting: when executed, it issued an HTTP request on the victim’s behalf, adding them to Kamkar’s friends list. This started a chain reaction, and less than 20 hours later, Kamkar had over one million friends on Myspace.
NOTE
Kamkar himself provided a detailed reconstruction of the events at https://samy.pl/myspace/, and a thorough technical description of the attack at https://samy.pl/myspace/tech.html. However, I recommend that you read this chapter first so that you know all the required technical details about these kinds of attacks.