A bug on Twitter could have shared private messages from users with developers



[ad_1]

Twitter's CEO, Jack Dorsey, testifies before the House Energy and Commerce Committee hearing on Twitter Algorithms and Content Monitoring at Capitol Hill, Washington, September 5, 2018 .

Chris Wattie | Reuters

Twitter's CEO, Jack Dorsey, testifies before the House Energy and Commerce Committee hearing on Twitter Algorithms and Content Monitoring at Capitol Hill, Washington, September 5, 2018 .

Twitter said Friday it fixed a bug that could have shared users' private messages with software developers outside the company.

blog article.

The bug affected user data between May 2017 and September 10, when it was discovered. The bug was then corrected in the hours that followed, said Twitter spokeswoman. The company waited to reveal the bug "to make sure we provide the most accurate information," she said.

No private messages between individual users have been shared with external software developers, the Twitter spokeswoman said.

Some users reacted to the disclosure of the bug by tweeting the notice they had received from the company.

Here is the complete statement from Twitter:

We recently discovered a bug in our Account Activity API (AAAPI). This API allows registered developers to create tools to better support businesses and their communications with customers on Twitter. If you have interacted with an account or a company on Twitter that relied on a developer using AAAPI to provide its services, the bug may have caused some of these interactions to be inadvertently sent to another registered developer. In some cases, this may have included some direct messages or protected tweets, for example a direct message with an airline that has authorized an AAAPI developer. Similarly, if your company has authorized a developer using AAAPI to access your account, the bug may have impacted your activity data.

It is important to note that, based on our initial analysis, a complex set of technical circumstances must have occurred at the same time for this bug to result in the final sharing of the account information with the wrong source. More right here.

Main updates:

  • The bug started in May 2017 and a few hours after discovering it on September 10, 2018, we sent a patch to prevent the unintentional sending of data to the incorrect developer.
  • The bug affected less than 1% of people on Twitter.
  • Any party likely to have received unexpected information was a registered developer via our development program, which we have greatly expanded in recent months to prevent data abuse and misuse.

And after?

  • If your account has been affected by this bug, we will contact you directly via a notice in the app and on twitter.com.
  • We have contacted our developer partners and are working with them to make sure they comply with their obligations to remove information that they should not have.
  • Our investigation is in progress. We will continue to provide updates with any relevant information.

We are really sorry that this happened. We recognize and appreciate the trust you place in us and we commit ourselves to gain that trust every day. For more information on our updated API strategies and on how to monitor the applications you use on Twitter, see right here and right here.

[ad_2]
Source link