Twitter said it has patched a bug that lingered for more than a year and sent users’ private DMs to unauthorized developers. According to Twitter, the bug had persisted since May 2017.
Twitter began issuing warnings to users last Friday, but sought to calm nerves by saying it had dealt with the issue. Regardless of Twitter’s explanation and attempt to calm users, the fact that private DMs were exposed for that period of time [16 months actually] is a lot to worry about.
“On Monday, September 10, we identified a bug that may have sent one or more of your Direct Messages or protected Tweets (if your account was protected at the time) to Twitter developers who were not authorized to receive them,” read the message. “The issue has persisted since May 2017, but we resolved it immediately upon discovering it,” Twitter said, per the Twitter page of Karissa Bell, a Mashable reporter.
Why it took Twitter almost two weeks to inform users after it discovered the bug on September 10 is what bothers me the most. Though the microblogging company did say the issues that led to the bug were identified and resolved during the period in question, it would have made a lot of sense to immediately notify users.
Of 335 million active users on Twitter, the company said the glitch only affected about 1 percent. While that is not alarming, to put it mildly, the fact that private messages found their way to unauthorized third-party developers should worry some if not most of us.
In a notice published on the Twitter Help page, the company said its investigation would continue. The company also said it would “contact you directly through an in-app notice and on twitter.com” if your account was among those affected by the bug.
The microblogging company also said that developer partners have been contacted to “ensure that they are complying with their obligations to delete information they should not have.”
As expected, Twitter tendered an apology, which could go a long way to determine how users react to this latest bug going forward. “We’re very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
In the interim, nothing is required on the part of the user, and that means your account is safe. This contrasts with the bug the platform suffered in May 2018, when it urged all users to consider changing their password. The advice came on the heels of a bug which Twitter said “stored passwords unmasked in an internal log.”
Though Twitter said no evidence pointed to a breach or misuse, it nonetheless advised users to consider changing their password. It did not end there, though: the company also strongly recommended that users change their password on all services where the same password had been used.