Technology

Twitter API bug leaked private data to other accounts

A bug in Twitter’s account activity API inadvertently leaked sensitive data to other developers, including direct messages and protected tweets, Twitter announced on Friday.

By Patrick Howell O'Neill

September 21, 2018

(Pexels)

A bug in Twitter’s account activity API inadvertently leaked sensitive data to other developers, including direct messages and protected tweets, Twitter announced on Friday.

“If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer,” the company said in a statement.

The bug, which ran from May 2017 until September 10, 2018, required a “complex series of technical circumstances to occur” and impacted less than one percent of Twitter users.

Twitter counts over 335 million active users as of July.

Affected users are being directly contacted by Twitter. Those users have taken to the platform to complain about the bug.

I just got this from Twitter, so I asked:
"I received notice that Twitter employees had access to some of my DMs. Which DMs were they exactly? How many Twitter employees had access to them? Were the recipients of my DMs also told that my private messages to them were compromised? pic.twitter.com/OILTbbw7uc

— Katie🌻Moussouris (she/her) (@k8em0) September 21, 2018

Wait. @Twitter, we have to talk. You exposed my DMs through an API, *seriously*? pic.twitter.com/OerZNxxrMb

— Giorgio Bonfiglio 🇺🇦 (@g_bonfiglio) September 21, 2018

https://twitter.com/xWillzzzz/status/1043207736341803008

The company’s investigation into the issue is ongoing.

Twitter API bug leaked private data to other accounts

More Like This

Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’

House hurtles toward showdown over expiring surveillance tools

Defining coercion at heart of Supreme Court case on government jawboning platforms

Top Stories

Iranian nationals charged with hacking U.S. companies, Treasury and State departments

Stolen Change Healthcare data could contain information on ‘a substantial portion’ of Americans

More Scoops

Bitcoin price jumps after hackers hijack SEC Twitter account

Senate Democrats call on FTC to investigate Twitter’s data security

Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers

Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets

Twitter says FBI tip prompted takedown of 130 fake accounts during debate

Around 130 Twitter accounts targeted in bitcoin scam hack, company says

Scammers hijack Twitter accounts of Joe Biden, Bill Gates and others to promote cryptocurrency

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics