Twitter announced a couple of days ago that it fixed a bug which allowed third-party developers to access the private direct messages of users. The bug affected one of Twitter’s APIs and has now been fixed. Twitter says it has no way of knowing whether any third-party developer actually accessed users’ private direct messages, but it believes that “less than one percent of Twitter users” were affected by this bug.
Twitter Bug Exposes Direct Messages
Even though Twitter is proudly saying that less than one percent of the app’s user base has been affected by this bug, this still means that more than three million people could have had their direct messages exposed. Twitter has an active user base of more than 336 million people and there is a high chance that the direct messages of three million of them have been exposed.
On the bright side, Twitter is being transparent about this issue and is alerting every user about the bug, sending out notifications via the app and the official website. Twitter also mentioned that this API bug had been present for more than a year and that its developers fixed it hours after finding out about it.
Alerting the Users
“If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer. Based on our initial analysis, a complex series of technical circumstances had to occur at the same time for this bug to have resulted in account information definitively being shared with the wrong sources,” said Twitter when alerting the users.