Yesterday, Twitter said that a Bug is sending user private direct messages to third-party developers who are not supposed to receive them, the company revealed in a Blog post. Twitter Bug was active in May 2017, but the social media giant resolved this issue within Hours after they discovered it on September 10th, 2018.
Less than one percent of users got affected by this, and the Direct messages issue includes users of Business accounts that which depends on a specific type of API used for customer service interaction. Twitter said in a Notice that a complex technical condition required to sent the Direct messages to the wrong person.
the post reads, “If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer. In some cases, this may have included certain Direct Messages or protected Tweets, for example, a Direct Message with an airline that had authorized an API developer. Similarly, if your business authorized a developer using the API to access your account, the bug may have impacted your activity data in error.”
Twitter Bug raise questions on User’s Privacy and data protection on the platform, Whereas the investigation, is still going on. Twitter said that they are contacting affected users through the website and Mobile app and also working with the developers to make sure anyone who received unauthorize information deletes it as soon as possible. At the start of the year, the company confessed to mistakenly storing users password in plain text and also asked 330 million of users to change their login credential.