what I code, I write about. what I write about, I code. good mix eh?
11 Feb 2010
Most days, I lead a pretty happy existence. I write code. I meet with folks at HubSpot. I talk to fellow entrepreneurs and generally try to spread goodwill and love. Today, however, it sucks to be me.
So it's no surprise that something like this would happen sooner or later. Twitter Grader got hacked, and some enterprising hacker was able to gain access to users’ accounts and make posts on their behalf.
That’s about all there is to the bad part. The good part is that the system relied on OAuth, so all that needed to be done was to revoke the keys for all apps connecting to Twitter Grader, and the problem was solved. The rest is up to the developer: harden the new code and close that loophole.
But this post isn't all about that. The commenters are full of praise for the clarity of language, the explanation, and the responsibility Dharmesh took for the error on his part. Which is nice. And makes for good PR. And makes everyone feel good that the people running the app are aware of the situation and able to handle it. It’s amazing how good communication, and acceptance of the fact that he screwed up, helps to maintain and build an even better trust system with his users.
We do have to remember that he *did* screw up and that there was a loophole in the code that probably sat there for months on end, either unknowingly from oversight or even knowingly (with hopes that it just won't be found). Either way, there's no way around the fact that some poor choices were made, but it’s amazing to see how far a little social engineering can go to mend relations. It’s a lesson in how well good communication can work for good and, of course, for evil purposes too (which is why all the phishers are still profitable).