Skip to main content

Twitter squashes security bug leaking direct messages since 2017

Direct Messages on Twitter
Image used with permission by copyright holder

When you send a direct message on Twitter, you expect the information to be kept private between you and the intended recipient; unfortunately, Twitter revealed today that due to a software bug, some direct messages might have ended up in the wrong hands. The error may have affected communications between some of Twitter’s user base and business accounts on the platform as far back as May 2017.

According to Twitter, the company recently discovered a bug within its Account Activity API — a programming interface that allows business developers to source information regarding other accounts in real-time. The API feature is regarded as a source of premium information access that allows businesses to connect with customers and monitor social streams.

Recommended Videos

If you direct messaged a business account between May 2017 and September 10, 2018, it is possible that your information was unintentionally routed to a registered developer. Instead of your private information being shared only with the intended recipient, the developer of the platform used by the business may have also received its contents. Businesses that users may have interacted with include accounts for customer support, airlines, banks, and more.

The team at Twitter stresses that the data breach was fixed within hours of being discovered, but that still means that the bug ran for sixteen months without being detected. The company has also noted that the software glitch affected less than 1 percent of people on Twitter, but with Twitter having sixty-eight million active users as of early 2018, that could mean that up to approximately 680,000 people were affected.

Twitter has begun reaching out via in-app communication and website notices to any users who may have been compromised by the incident. The company’s policies require developer partners to dispose of any information that they may have unintentionally received. As expected, Twitter is hoping that developers will do the right thing and delete any intercepted messages.

Most businesses typically do not ask consumers to send sensitive information via direct messages, but if you have submitted any information to a business account via direct messages that you deem sensitive, it is vital to keep an eye out for any fraudulent activity that may result from the incident.

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Twitter will soon be a bit less irritating for many people
Twitter logo in white stacked on top of a blue stylized background with the Twitter logo repeating in shades of blue.

With or without Elon Musk at the helm, Twitter can’t seem to decide what it wants to do with its algorithmic timeline, currently branded as “for you,” which shows tweets it thinks you'll like, whether or not you follow the tweeter.

For years it’s been messing about not only with the algorithm but also with the extent to which it forces the timeline on users.

Read more
Thanks to Tapbots’ Ivory app, I’m finally ready to ditch Twitter for good
Profile displayed in Ivory app

Ever since Elon Musk took ownership of Twitter, it’s been one chaotic new thing after another. You literally cannot go a day (or a few days or even a week) without some stupid new change to the site — whether it’s about checkmarks for verified or Twitter Blue subscriber accounts, how links to other social networks are banned and then reversed, view counts on Tweets, or something else. I can’t keep up with every little thing that has happened since the beginning of November, and it feels like the spotlight is always on the toxicity of the site in general.

New Twitter alternatives have been popping up recently, but it seems that the most popular one continues to be Mastodon. I originally made a Mastodon account back in 2018 when it first launched, but it never clicked with me back then, and I eventually went back to Twitter. With the Musk mess, I tried going back to Mastodon, but again, it didn’t really click with me — until Tweetbot developer, Tapbots, revealed its next project: Ivory.
The significance of Tapbots and Tweetbot

Read more
What is Twitter Blue and is it worth it?
Twitter Blue menu option on a white screen background which is on a black background.

If you spend time on Twitter, you've probably heard the phrase "Twitter Blue" at some point and wondered what exactly it is. We're not talking about the signature shade of blue featured in its logo -- we're talking about the premium version of Twitter.

That's right. There's a paid tier for Twitter that many people don't even know exists that launched in July of 2021. And then relaunched again under Elon Musk's ownership in November 2022. Don't worry -- we'll explain everything below.
What is Twitter Blue?

Read more