Latest in Gear

Image credit: SOPA Images via Getty Images

Twitter bug sent some DMs to developers for over a year

The API problem could have affected millions of users.
182 Shares
Share
Tweet
Share
Save
SOPA Images via Getty Images

A bug in one of Twitter's APIs may have caused unauthorized developers to receive some users' direct messages and protected tweets. Twitter says it hasn't yet discovered evidence that a developer actually received such data, nor does it believe that such information was misused, but can't say for sure that it didn't happen.

Twitter says that less than one percent of users were affected, but given there are more than 335 million active users, that could still mean the bug hit more than 3 million people. The company is informing affected users via a notice on its app and website.

The company fixed the problem after discovering it September 10th, and it determined that the bug, which affected the Account Activity API, had been active since May 2017. That API lets developers create tools for businesses to communicate with customers, and the bug could have sent those interactions (which often contain sensitive customer information) to a different developer. "In some cases this may have included certain Direct Messages or protected Tweets, for example a Direct Message with an airline that had authorized an AAAPI developer," Twitter said.

From around the web

ear iconeye icontext filevr