The popular messaging platform said it discovered “a security issue that affected TweetDeck” and temporarily took the service offline, telling users: “Please log out of TweetDeck and log back in to fully apply the fix.” After a period of confusion and complaints about the fix not working, Twitter announced, “We’ve verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience.”
Some experts said the vulnerability could be exploited by hackers, and reports cited instances of people’s TweetDeck accounts hijacked on the Chrome browser. Independent security analyst Graham Cluley said the issue was “a potentially serious security flaw” and added, “It is easy to imagine how someone could take advantage of it with malicious purposes.” “In my opinion, TweetDeck isn’t safe to use until the flaw has been fixed,” Cluley said in a blog post. “So you need to quit TweetDeck right now, and revoke its access to your Twitter account.”
It was not immediately clear if Twitter’s fix had patched the flaws in the browser versions of the program. Earlier, journalism professor Jeff Jarvis tweeted that his account appeared to have been compromised and that Twitter’s advice failed to work. “Goddamnit, @twitter: 1. Impossible to sign out of Tweetdeck when it’s taken over 2. Killing app, reinstalling & signing in does NADA,” he said. Twitter in 2011 bought what had been an independent application.
TweetDeck, which was founded in 2008 by Iain Dodsworth, is a favorite of heavy users of Twitter, allowing them to view “tweets” in various different ways and to organize their messages into columns — features which are not offered on Twitter’s own website.