clock menu more-arrow no yes

Filed under:

TweetDeck back online, unauthorized access was 'random' and likely never 'used maliciously'

New, 12 comments

TweetDeck, taken down earlier today, is now back online for everybody. Here's Twitter's statement on the matter:

TweetDeck v1.3
TweetDeck v1.3

TweetDeck, taken down earlier today, is now back online for everybody. The original issue appeared when a user in Australia discovered he was able to access hundreds of Twitter and Facebook accounts. Twitter says that the accounts that were accessed were "random" and so it wasn't possible to target specific users with the vulnerability. While we don't know the exact nature of what the problem was, Twitter claims that it didn't involve getting a hold of account passwords — so user accounts should be safe. Still, the company is playing it safe and making any users affected by the bug re-login to TweetDeck the next time they launch it.

Here's Twitter's full statement on the matter:

TweetDeck is now back online.

As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation. We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts. (The accounts that could be accessed were random; it was not possible to select specific accounts and access them.)

No one's password was compromised, and we aren't aware of any instances where this access was used maliciously. As a precaution, we removed account credentials associated with affected TweetDeck users; they will need to log in to authorize the TweetDeck application to access their accounts.

Although the bug was very serious, it's good to hear that there were not any known cases of it being used to full hack into any accounts — and also good to see that Twitter dealt with the issue in a relatively prompt manner.