RSSGroupTweet to blame for Twitter security 'compromise'
By Tim Conneally | Published April 23, 2008, 6:40 PM
Twitter, the moment-by-moment status update ("What are you doing now?") site that's the buzz among social networking circles, was shaken by a potentially embarrassing foul-up.
Especially popular among Silicon Valley's big names and linkable to many other sites, most notably Facebook, Twitter allows users to create a pseudo-RSS feed of the often inane and meticulous details of their day. Some users, however, found their not-so-inane private messages had been broadcast to all their friends through no fault of their own.
Outraged and embarrassed, one user, whose private message was broadcast to all of her 650 friends, had to delete her Twitter account altogether just to remove it.
At the heart of the "compromise" were third-party Twitter application GroupTweet, coupled with good old fashioned human error. GroupTweet utilizes Twitter's API to access a user's friends list, and sends direct messages to a select group. It sounds simple enough, but apparently the instructions were a little less than straightforward.
Today on GroupTweet's main page, this explanation was posted: "The reason that a particular GroupTweet users' direct messages were exposed is because she registered her personal Twitter account at GroupTweet. The site was doing exactly what it was supposed to: taking direct messages sent to the group account and re-publishing them as tweets. When the personal account was registered here, direct messages sent to the account were republished. Unfortunately, these were not meant to be republished."
The user in question followed on Techcrunch by saying, "The original message is found here [screenshot of the registration box on GroupTweet's site]. It does not specify if I must enter the group account or enter using my personal account, so I may then select which of my groups I would like to register."
All GroupTweet accounts have been disabled to prevent any future mistakes of this nature. Aaron Forgue, developer of GroupTweet, says, "I am 100% at fault for this fiasco because I did a poor job of explaining the steps one needs to take to use GroupTweet. I sincerely apologize."
http://www.crunchbase.com/person/orli-yakuel
with the original TechCrunch post at http://www.techcrunch.co...direct-messages-exposed/
Score: 0
|Twitter is very cool.
Posting your personal private embarrassing information on the Internet and expecting it to stay private is just lame.
Score: 0
|Serves her right. Kids these days spend their time twittering their 650 friends (six hundred fifty! you don't even have enough time in a day to stay on top of that) feel entiteld to it while bagging in excessive wages. Makes me feel so much better wasting my time on BN :)
Score: 0
|lol i agree.
Score: 0
|Totally agree. I mean, this personal message I bet sounded smth like: "I'm sitting on the toiler feeling lonely". I mean, hell, it's minute-by-minute, right? ;)
Web2.0 sucks and all people who see a ton of future in it are imbecile.
Score: 0
|You are a narrow minded idiot.
http://en.wikipedia.org/wiki/Web_2
Score: 0
|How can this make a news at all ?
Who in his sound mind would publish a minute-by-minute journal of its own activities on the web ?
This web 2.0 thing is turning worst minute-by-minute.
Score: 0
|Who is this user...?
Score: 0
|