
Crazy Twitter: Proof of Concept of an A-Grade, Major League Twitter Stuff Up

29 February 2008

Via @kolson29:

here’s a video of the twitter craziness from last night http://s3.jeremybanks.ca/cr…

The video is titled simply “Crazy Twitter” and what it depicts is simply astonishing. This screen capture was made during yet another Twitter meltdown last night in which users were randomly gaining access to each other’s accounts. Posts could be made, account details viewed, and passwords changed; anything was possible.

This is a security nightmare for the application, to the extent that you can now hear Twitter’s credibility dropping like a stone. If they don’t get their act together they won’t be long for this world. This is an A-Grade, Major League stuff up.

Twitter desperately tried to smooth things over in a post (“Timeline Oddity Update” 27 February 2008), saying:

Some folks experienced a more dramatic error which had them accidentally updating other people’s Twitter—this is a more serious issue which crosses into the realm of security. We took this very seriously, acted quickly, and learned from our mistake.

We hope our error didn’t put you out too much tonight. We’re pulling together the team and analyzing how we made this mistake so we can avoid this error next time.

The implications of this bug are HUGE. I don’t care how seemingly insignificant a tool or application is, gaining access to another user’s account information is completely unacceptable. This borders on a “one strike and you’re out.” There will be people who delete their accounts for this. The question is how many.

Having gone back through my posts over the last few days, I do not seem to have been affected by all this. But based on the screen capture, it’s more than likely that the impact of this bug was substantial.

Twitter’s unexpected outages are an inconvenience. The fact that their maintenance windows extend well past the announced endings is irritating. The fact that user accounts were compromised and anyone could view or change your account without you knowing is something far, far worse.

Update: Dave Winer has recently written a post titled “Guidelines for competing with Twitter” which is well worth a read. I hope someone adopts his recommendations because I’m ready to switch; there just isn’t anything worthwhile to switch to yet.
