Twitter Takes Tweetdeck Offline After Apparent Bug Opens Up Access To “Hundreds” Of Accounts [Back Now]

Twitter has taken its Tweetdeck app offline after an apparent bug may have given some Tweetdeck users access to others’ accounts.

A Sydney, Australia-based Tweetdeck user named Geoff Evason says he discovered today he was somehow able to access hundreds of Twitter and Facebook accounts through Tweetdeck. In an email to TechCrunch, he explained the situation like this:

“I’m a tweetdeck user. A bug has given me access to hundreds of twitter and facebook accounts through tweetdeck. I didn’t do anything special to make this happen. I just logged in one day, the account was slower than normal, and I could post from many more accounts.”

He provided more details in a follow-up email:

“I normally use the tweetdeck web client. A few days ago it started freezing when I logged in. Today I downloaded the native mac client, and it crashes too, but not before it shows me some streams and lets me post.”

He also Tweeted about the situation here:

And demonstrated that he could access another account by sending this Tweet:

Other accounts may well be affected, as Twitter quickly shut off access to Tweetdeck entirely to “look into an issue.” They’ve offered us no comment other than their Tweet:

Tweetdeck is an app beloved by the “power user” set for posting and managing messages to Twitter. Tweetdeck was a standalone company before Twitter acquired it in May 2011 for some $40 million.

Update: The company now says it’s back online with minimal damage.

TweetDeck is now back online.

As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation. We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts. (The accounts that could be accessed were random; it was not possible to select specific accounts and access them.)

No one’s password was compromised, and we aren’t aware of any instances where this access was used maliciously. As a precaution, we removed account credentials associated with affected TweetDeck users; they will need to log in to authorize the TweetDeck application to access their accounts.

Ingrid Lunden contributed reporting to this story.