Twitter API Flaw Exposed Users' Messages to Wrong Developers for Over a Year

Twitter's API is known for being quite powerful and sound overall, but there are some privacy issues that even this API might not be able to handle. In this case, a bug in the Twitter API exposed some users' direct messages and protected tweets to third-party app developers who should not have been able to see them. Twitter outlined the issue on its own blog.
What caused this issue?
The bug was in the Account Activity API (AAAPI), which developers use to build tools that make business communication easier. That same API, because of the flaw, is also what caused the potential exposure in the first place.
This AAAPI bug existed for more than a year before Twitter found it and then repaired it within hours. Even so, we don't know how many people were affected, as the bug was present for around 16 months.
As you can imagine, the bug was largely a consequence of how the AAAPI works. If a user interacted with a business or account that uses the AAAPI, the bug could send some or all of that user's DMs and tweets to the wrong developers.
How many users were affected by this bug?
It's very hard to pinpoint an exact number for this issue. What Twitter says is that the affected users amount to less than 1% of the entire Twitter population. Since the platform has around 336 million monthly users, that still leaves around 3 million people who may have been affected.
However, this bug is mostly tied to companies and the way they processed user interactions through the API, which on its own seems to be quite an issue to begin with.
Twitter has already tried to fix everything here. It contacted the developers who received the unwanted data and is working with them to ensure that the content is deleted properly. However, Twitter does state that the investigation is still ongoing and that it will release another update or statement when everything is said and done.
Can the affected users do anything?
No, you can't really do anything. That data is already in the wrong hands; all Twitter can do is contact the people who received the unwanted data and ask them to delete it. That's definitely a bit strange when compared to other similar situations.
This is similar to what happened during the Cambridge Analytica scandal, when Facebook had to talk with developers to get data deleted. The results were not great. Hopefully something better will happen in Twitter's case.
The bug is not as bad as a lot of people make it out to be, so the results of the cleanup will most likely be pretty impressive in the end. One thing is certain: Twitter is set to scrutinize many of the platform's tools a lot more closely than before, as it definitely wants to avoid a situation like this from ever happening again.