Twitter restores Tweetdeck service, says few users affected, no passwords compromised by bug

Twitter restores Tweetdeck service, says few users affected, no passwords compromised by bug

Update: Tweetdeck is now back up, statement from Twitter below.

Twitter has shut down access to Tweetdeck after a user discovered a bug that was apparently giving him access to hundreds of other accounts, reports Techcrunch. The new Tweetdeck web app is apparently offline and allowing no logins. We have confirmed that the web version of Tweetdeck is currently down, although older desktop editions of the software and those on Android appear to continue to receive and send Tweets at the moment, and can still log out and back in. The users, Geoff Evanson, mentioned to the publication that he had been given access to a bunch of other user accounts, sending them an email describing the issue:

I’m a tweetdeck user. A bug has given me access to hundreds of twitter and facebooks account through tweetdeck. I didn’t do anything special to make this happen. I just logged in one day, the account was was slower than normal, and I could post from many more accounts.

Apparently, Evanson had been experiencing crashing using the web client, so he downloaded the Mac version of Tweetdeck instead. It also crashes on him, but not before displaying other users’s streams and allowing him to post to them. Twitter has also confirmed that has taken it down while it looks into ‘an issue.

Evanson went on to offer assistance to Twitter in nailing down the source of the bug:

Twitter updated the Tweetdeck appearlier this month, bringing back classic RT, adding media previews and more. Twitter says that it continues to work on the issue:

More to follow

Update: Twiiter has released the following statement about the Tweetdeck issue:

As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation. We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts. (The accounts that could be accessed were random; it was not possible to select specific accounts and access them.)

No one’s password was compromised, and we aren’t aware of any instances where this access was used maliciously. As a precaution, we removed account credentials associated with affected TweetDeck users; they will need to log in to authorize the TweetDeck application to access their accounts.

Read next: Grabio: Finally, location-based mobile classifieds that are actually worth using