Twitter has taken its Tweetdeck app offline after an apparent bug may have given some Tweetdeck users access to others’ accounts.
A Sydney, Australia-based Tweetdeck user named Geoff Evason says he discovered today he was somehow able to access hundreds of Twitter and Facebook accounts through Tweetdeck. In an email to TechCrunch, he explained the situation like this:
“I’m a tweetdeck user. A bug has given me access to hundreds of twitter and facebook accounts through tweetdeck. I didn’t do anything special to make this happen. I just logged in one day, the account was slower than normal, and I could post from many more accounts.”
He provided more details in a follow-up email:
“I normally use the tweetdeck web client. A few days ago it started freezing when I logged in. Today I downloaded the native mac client, and it crashes too, but not before it shows me some streams and lets me post.”
He also Tweeted about the situation here:
And demonstrated that he could access another account by sending this Tweet:
Tackleberry Showroom (@gotackleberry) March 30, 2012
Other accounts may well be affected, as Twitter quickly shut off access to Tweetdeck entirely to “look into an issue.” They’ve offered us no comment other than their Tweet:
“TweetDeck is currently down while we look into an issue. Apologies for the inconvenience.” (@TweetDeck) March 30, 2012
Tweetdeck is an app beloved by the “power user” set for posting and managing messages to Twitter. Tweetdeck was a standalone company before Twitter acquired it in May 2011 for some $40 million.
Update: The company now says it’s back online with minimal damage.
TweetDeck is now back online.
As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation. We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts. (The accounts that could be accessed were random; it was not possible to select specific accounts and access them.)
No one’s password was compromised, and we aren’t aware of any instances where this access was used maliciously. As a precaution, we removed account credentials associated with affected TweetDeck users; they will need to log in to authorize the TweetDeck application to access their accounts.
“TweetDeck is working again. Thanks for your patience. We apologize again for the inconvenience.” (@TweetDeck) March 31, 2012
“TweetDeck is back up. HAPPY FRIDAY EVERYONE.” Carolyn Penner (@cpen) March 31, 2012
Ingrid Lunden contributed reporting to this story.