Security vulnerability at TweetDeck
The TweetDeck Twitter client apparently suffered from a security breach on Friday that gave some users the ability to take over other people's accounts. Twitter, which owns TweetDeck, reacted quickly and disabled the client's access to the system. TweetDeck's functionality was restored less than a day later, once the bug had been fixed.
TweetDeck user Geoff Evason discovered the bug, which gave him access to the Twitter and Facebook accounts of hundreds of other TweetDeck users. TweetDeck allows its users to pull together both Twitter and Facebook accounts under a TweetDeck account to aggregate updates from both services. Evason publicly reported the problem on Twitter, posting a screenshot to document the vulnerability. To back up his claims, he also posted several messages from other people's accounts.
In a statement to VentureBeat and other US media, Twitter representatives said that no account passwords were compromised and that, as far as Twitter is aware, the vulnerability had not been exploited maliciously. Facebook told the Wall Street Journal that fewer than 250 of its users were affected, that no abuse of those accounts had occurred, and that it was working with Twitter to “understand the full scope of this issue”.