Dubai: Twitter has admitted that a bug may have sent private messages of some of its users to external developers.
Many Twitter users received a notification that read: “On Monday, September 10, we identified a bug that may have sent one or more of your Direct Messages (DM) or protected Tweets to Twitter developers who were not authorised to receive them. The issue has persisted since May 2017, but we resolved it immediately upon discovering it.
“Our investigation into this issue is ongoing, but presently we have no reason to believe that any data sent to unauthorised developers was misused.”
In a blog post on Saturday, Twitter said: “The bug affected less than 1 per cent of people on Twitter. The bug may have caused some of these interactions to be unintentionally sent to another registered developer.”
As of the second quarter of 2018, the micro-blogging service had 335 million monthly active users.
Tweep @leesaivy posted: “Um, did everyone get this notification on Twitter about a bug that ‘may have sent a direct message or protected tweet to Twitter developers’?”
However, not everyone received the notifications.
According to Twitter’s blog post: “If your account was affected by this bug, we will contact you directly through an in-app notice and on twitter.com.”
The problem began in May 2017, but was not discovered until September 10, 2018. Twitter said it fixed the bug to prevent data from being unintentionally sent to the incorrect developer. According to Twitter’s blog post: “The bug affected less than 1 per cent of people on Twitter. The bug may have caused some of these interactions to be unintentionally sent to another registered developer.”
Like many others, @KatyKatopodis questioned why it had taken Twitter so long to notify people. She tweeted: “And now? What’s happening @twitter? And why has it taken you 12 days to tell me about this ‘bug’?”
According to Twitter, the bug only affected accounts run by businesses and organisations, suggesting that any leaked messages were likely to be individuals’ interactions with customer-service operations.
The support page added: “For those who received notifications today, this only involves potential interactions or Direct Messages you have had with companies using Twitter for things like customer service. Your other DMs are not involved at all.”
@katebevan asked: “So, Twitter, this “bug” is basically a giant data breach, and a bit of regret isn’t really cutting it right now. Who has been affected? Me? Hundreds of users? Thousands? Millions?”
@TwitterSupport responded: “We haven’t found an instance where data was sent to the incorrect party. But we can’t conclusively confirm it didn’t happen, so we’re telling potentially impacted people about the bug. If you were potentially involved, we’ll contact you today. We’re sorry that this happened.”
User @manjusrii tweeted: “Here’s hoping you don’t get the ‘oopsie our bad’ pop-up message some people have been seeing.”
The disclosure comes at a critical time, just days before its data protection chief faces questions from a US Senate committee about how tech companies are safeguarding consumer privacy. Six major tech companies and internet-service providers — including AT&T Inc. and Alphabet Inc.’s Google — will detail their consumer data privacy practices on September 26.
