“As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation,” Twitter’s head of communications Caroyln Penner said in an email statement to VentureBeat. “We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts.”
Friday, Twitter user Geoff Evason discovered that he was inadvertently granted access to hundreds of Twitter and Facebook accounts via TweetDeck and could post on their behalf. As a result, the popular Twitter-owned social media dashboard was taken offline as engineers investigated the issue. TweetDeck was back online Friday as of 9:05 p.m. Pacific.
“No one’s password was compromised, and we aren’t aware of any instances where this access was used maliciously,” Penner said.
While the TweetDeck bug will go down as more of a mortifying blight on the company’s reputation than a serious security breach, Twitter’s handling of the matter strikes us as troubling.
The company is attempting to assert itself as a grown-up business but did little to inform the public until after the issue was identified and fixed. Twitter did not initially offer an explanation for why TweetDeck was taken offline, leaving Evason, journalists, and application users wondering about the severity of the issue for several hours.
These types of rookie mistakes could make Madison Avenue executives think twice about the stability and maturity of the company as it tries to stand tall next to Google and Facebook in the big leagues.
Penner’s full statement is included below.
TweetDeck is now back online.
As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation. We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts. (The accounts that could be accessed were random; it was not possible to select specific accounts and access them.)
No one’s password was compromised, and we aren’t aware of any instances where this access was used maliciously. As a precaution, we removed account credentials associated with affected TweetDeck users; they will need to log in to authorize the TweetDeck application to access their accounts.
Photo credit: laRuth/Flickr
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.