A Twitter bug may have sent users' direct messages to external developers




A bug in the way Twitter's platform is made accessible to third-party application developers may have exposed some direct messages from certain users to developers who do not work for Twitter, the company revealed in a blog post today.

Twitter says the bug had been active since May 2017 and that it issued a fix in the hours after the bug was discovered on September 10, 2018. It affected less than 1% of users and involved direct messages that relied on an API designed for customer service interactions. Twitter's example is a direct message to an airline that uses a developer account to access the relevant API, known as the Account Activity API (AAAPI).

"If you have interacted with an account or a company on Twitter that was relying on a developer using AAAPI to provide its services, the bug may have caused some of these interactions to be inadvertently sent to another registered developer," the company explains. "In some cases, this may include some direct messages or protected tweets, for example a direct message with an airline that has licensed an AAAPI developer. Similarly, if your company has authorized a developer using AAAPI to access your account, the bug may have affected your activity data by mistake."

Twitter says that a "complex series of technical circumstances" was needed for direct messages to be sent to the wrong recipient, and it details these circumstances in a separate blog post. It also says that there is no evidence that direct messages were sent to the wrong party, but that it cannot exclude the possibility while the investigation is in progress. Nevertheless, this is a serious bug that does not bode well for the privacy and data protection of the platform's users.

Twitter says it is contacting affected users through its mobile app and website, and is working with developers to ensure that anyone who received unauthorized information deletes it. Earlier this year, the company admitted to accidentally storing user passwords in plain text and advised all of its 330 million users at the time to change their login credentials.

Update, September 21st, 3:21 pm ET: Clarified that Twitter says it has no evidence that direct messages were sent to the wrong party, but that it cannot exclude the possibility that this occurred. The headline has been updated to reflect this fact.
