Twitter’s TweetDeck, the application that “brings more flexibility and insight to power users,” has been taken temporarily offline after a customer from Australia noticed that he could gain access to hundreds of other accounts through the app.
“TweetDeck is currently down while we look into an issue. Apologies for the inconvenience,” TweetDeck representatives wrote a few hours ago.
TechCrunch managed to obtain a statement from Geoff Evason, the user who identified the bug.
“I’m a TweetDeck user. A bug has given me access to hundreds of Twitter and Facebook accounts through TweetDeck. I didn’t do anything special to make this happen. I just logged in one day, the account was slower than normal, and I could post from many more accounts,” Evason said.
To demonstrate the seriousness of the issue, he even performed a small test in which he took over another user’s account and posted a tweet from it.
Approximately 8 hours after it was taken down, TweetDeck managed to address the problem and restored the service.
TweetDeck representatives issued a statement regarding the incident:
“As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation. We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts. (The accounts that could be accessed were random; it was not possible to select specific accounts and access them.)
“No one’s password was compromised, and we aren’t aware of any instances where this access was used maliciously. As a precaution, we removed account credentials associated with affected TweetDeck users; they will need to log in to authorize the TweetDeck application to access their accounts.”