Twitter has recently shared details about a bug it came across that might have shared users’ direct messages with unauthorized developers. The company, which boasts a userbase of 335 million, says the bug has affected less than 1% of its users.
In a blog post, it goes on to say that the bug was in its Account Activity API and had been present from May 2017 until it was discovered on September 10th. It further said the authorities took the required measures to fix the bug, which was done within hours. The users whose accounts have been affected by the bug will be contacted directly via an in-app notice and also on the company’s website.
Twitter says their investigations have confirmed only one set of technical circumstances where this issue could have occurred.
The glitch may have affected messages exchanged with customer service accounts, such as those of businesses or airline services. It may have caused these interactions to be shared with another registered developer, in some cases resulting in the sharing of protected tweets or Direct Messages. This happened because these customer service accounts rely on the Account Activity API to provide their services.
Any developer that might have received the data was a developer registered through Twitter’s developer program. The California-headquartered firm has already emailed its developer partners to ensure that they comply with their obligations to remove data that they should not have.
Twitter has also been working with its active enterprise data customers and developers who had access to this API, and as per the blog, the review suggests that these partners or customers were not affected. Almost two weeks after the issue came to its notice, the company says that the investigation is ongoing and that it will provide relevant updates on the same bug.
The micro-blogging platform has witnessed a second such glitch this year. Earlier in May, it asked the users to change their passwords after coming across a bug that stored the passwords in plain text form.