
02 27 2008

This past evening, as I’m sure some of you may be aware, Twitter went on the fritz, randomly logging people into different accounts, including permissions. As you may have guessed, chaos ensued. But the real problem here isn’t necessarily identity theft or some other more serious problem, though you could say it was identity theft, just based not on bank accounts or other monetary sources but on reputation.

Given the anonymity, some people decided it would be a great time to use other people’s accounts to tweet some rather obscene things. I’m sure they chuckled. But the problem here is that those comments are tied to the identities and reputations of those people. Even worse, there are many people using Twitter as a piece in the puzzle of a more complex thing. For example, I use Twitter to run the asides section in my footer, a bit of a look into what I’m doing at a given moment.

Now, perhaps a potential freelance client was browsing my blog, began reading some of the things other people were tweeting, and wasn’t particularly savvy enough to understand the situation. I don’t think I need to explain that further.

To further complicate things, these people who are using Twitter for other applications and aren’t particularly tech savvy will have some trouble on their hands come tomorrow. Because of the way the Twitter plugin I use functions, for example, it keeps a record of my tweets in a table in the MySQL database. While I did regain control of my Twitter account and was able to delete the offensive tweets there, they were still stored in my database here.

Granted, I have enough knowledge to delete them from the database as well, but what about all the other people out there who haven’t the faintest clue? Those people make up the vast majority of Twitter’s userbase, not people savvy enough to do all the necessary cleanup.

Just another example of why trusting data to third parties can be ugly. Anyone else affected by the anarchy tonight?



  1. Ahh, I see major damage control coming in the next little while.
    Luckily (I guess), I’m not popular enough to present a target for the spamming. So I haven’t witnessed any chaos firsthand … yet. Hopefully all gets resolved, though.

  2. @Mitch: I wouldn’t worry about targeting, most people post from Twitterific or similar applications, most of which don’t show what account you’re logged into. So I’m pretty sure whether or not you get hit is completely random.

  3. Your body text color is cleverly not black. Kudos. But it’s too light. I groan when I come here for a good blog entry or something and have to read it with that poor-ish contrast.

  4. lucky me, I’m not using twitter ;)

  5. Jeff,

    I have read this blog on numerous computers/monitors and have had absolutely no problem with the contrast of the copy to the background… maybe your setup?

    I have been aware of this possible security scenario for a while, however what can you do? I guess you have to trust that the developers at these companies are smart enough to minimize this as much as possible, and hope that nothing like this happens again (or ever). Unfortunately mistakes happen, so safeguard yourself as much as possible and never trust anything with a third party that you wouldn’t want other people to see.

  6. I have been aware of this possible security scenario for a while, however what can you do?

    @Zinni: I agree that trust is really all you have, if it’s a paid service you are still on the short end of litigation should something of larger scale occur.

    It does make me second guess using applications such as Twitter for uses other than their original purpose (eg the asides here). Had I manually entered them here or done a bit of theme hacking, I would only have myself to blame had something happened since everything was on my own server.

    I think web applications are worthwhile, but the lesson I learned is that in many cases (especially if you’re not tech savvy to clean things up if something happens), it is likely worth the time investment to write your own things if they are simple enough. Perhaps I’ll find the time to install or write a plugin. :)

  7. if you’re not tech savvy to clean things up if something happens…it is likely worth the time investment to write your own things…

    I’m not sure I follow.

    You trust banks with your money, the government with your personal information, and even call-center employees with social security numbers, credit card numbers, and all varieties of information that could ruin your livelihood much worse than Twitter could with a rogue tweet. Look at Dreamhost.

    How is this anything new or different? Trust is a requirement of life.