That's not the hard part.
The hard part is that it seems that twitter wasn't checking accept messages to see if they were actually requests behind them or if the accepting user is actually a restricted account. So now they have to implement a mechanism that associates follow requests with follow acceptance.
Currently, the exchange is probably something like this behind the scenes:
me: @restrictedUserIWantToFollow lemme follow you
them: accept guyWhoWantsToFollowMe
Everything simply implemented as twitter messages to facilitate cell phone usage. However, the accept message just assumes that there is a valid request being made and adds them to your followers.
Assumption: the mother of all foul-ups.
How do you find it?