Oops! It took Twitter 2 weeks to tell users of bug that exposes messages to unauthorized developers

21 Sep, 2018 21:04

A bug on Twitter has been sending users’ private direct messages to third-party developers who are not authorized to view them. The tech giant has informed affected clients of the problem, but only almost two weeks after discovering it.

Members of the Twitterati began receiving notifications from the social networking website on Friday that their messages and protected tweets had been exposed for more than a year.

The problem, which had persisted since May 2017, was discovered on September 10 and fixed “within hours,” the company said. But for some reason it took Twitter almost two weeks to relay this information to its users.

The tech giant said that “the bug affected less than 1% of people on Twitter,” but it’s still a significant number, considering that the platform has around 335 million users.

The problem occurred in the Account Activity API (AAAPI), used by registered developers to build tools that help businesses communicate with their customers on Twitter. “The bug may have caused some of these interactions to be unintentionally sent to another registered developer,” the company said.

“A complex series of technical circumstances had to occur at the same time for this bug to have resulted in account information definitively being shared with the wrong source,” it added.

Twitter said that it currently has no reason to believe that any of the data sent to the wrong developers had been misused.

The tech giant said it has been working with its partners to make sure that they will “delete information they should not have.”

Users affected by the bug will be contacted directly by Twitter staff, it said, adding that the investigation into the issue was ongoing.

It’s the second bug this year involving people’s data on Twitter. In May, many users were asked to change their passwords after it became clear that they were stored in unmasked form in the company’s internal log.
