In a fail whale moment of a different kind, TweetDeck was taken down Friday afternoon after a Twitterer claimed to have found a bug that gave him access to hundreds of accounts.
Twitter user Geoff Evason said he discovered the flaw Friday that allowed him to access other Twitter and Facebook accounts via TweetDeck, and post on their behalf. Evason tweeted his distributing finding with a screenshot of the accounts he was inexplicably granted access to (pictured right). He also said that he was able to tweet “test” and “testing” from another user’s account.
TweetDeck is the Twitter-owned social media dashboard. The popular desktop and web client received its biggest update yet late last week, but engineer’s may have pushed the release out too soon if today’s incident checks out.
“For the past few days when I logged into TweetDeck’s Chrome client TweetDeck would crash. Today, I downloaded the Mac client and was able to log in. I was shown Twitter and Facebook streams that were from accounts that we’re not mine,” Evason told VentureBeat. “When I tried posting, I was able to select from hundreds of accounts.”
Twitter is not acknowledging Evason’s claims, nor providing clarification on the matter. It has, however, publicly admitted to taking TweetDeck offline.
“TweetDeck is currently down while we look into an issue. Apologies for the inconvenience,” the TweetDeck Twitter account said in a rather ambiguous update Friday afternoon.
TweetDeck users have been able to access and tweet from the desktop application without interruption, but those that log out and attempt to log back in are denied access.
According to Evason, the security breach was an accidental occurrence not of his own doing. “To be clear — I didn’t hack TweetDeck or find an exploit,” he said. “I just logged in and was presented with lots of accounts that weren’t mine. I sent the two simple ‘test’ tweets so I could add more info in my report to Twitter.”
A Twitter spokesperson declined to provide additional comment. Evason said he has not received a reply from Twitter about the incident.
Update: Twitter claims that the bug is fixed and was not used maliciously. TweetDeck was back online Friday as of 9:05 p.m. Pacific.
Photo credit: tveskov/Flickr
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.