Twitter late at night restored TweetDeck’s access after pulling it down over a serious bug. In a statement given to The Verge, Twitter said that there had been a bug that led to a “very small number” of users getting control of others’ accounts, up to the hundreds in at least one case. The flaw had been random and didn’t see anyone’s passwords compromised.
When it happened, the bug was random and didn’t let users hand-pick which customers’ accounts they wanted to look at.
It was implied the bug had been fixed or would be in time to minimize the damage. In the meantime, Twitter had removed the saved credentials of existing visitors to make them sign in again.
The flaw was originally found by Geoff Evanson, who was inadvertently given control over hundreds of Twitter accounts and could make any of them do what he wanted. The bug may have originated in TweetDeck 1.3 and not any of its mobile apps.