• Uncategorised

Twitter may have sent your private DMs to the wrong people — but probably not – CNET

Twitter
Getty Images

A Twitter bug may have sent some people's direct messages to developers who weren't supposed to get them, the company said Friday.

Twitter said it discovered the bug in its Account Activity API (AAAPI), which lets registered developers build tools to help businesses communicate with customers. Users who interacted with accounts or businesses that relied on developers using the AAAPI may have had their direct messages or protected tweets sent to the wrong people. For example, a direct message to an airline about lost bags may have been accidentally sent to the wrong source.

In a statement, Twitter said it was "very sorry this happened."

The issue began in May 2017. Twitter said it issued a fix when it discovered the problem on Sept. 10, 2018. The bug affected less than 1 percent of users, the company said. 

"Any party that may have received unintended information was a developer registered through our developer program, which we have significantly expanded in recent months to prevent abuse and misuse of data," Twitter said in a statement. 

The company said it'll contact people directly if their account was affected by the bug. 

Some users tweeted screenshots of the notifications they'd received from Twitter. 

"Sorry, what ?! My DMs may have been sent to developers for a more than a year??" Mashable reporter Karissa Bell tweeted.

In a tweet, Twitter said: "We haven't found an instance where data was sent to the incorrect party. But we can't conclusively confirm it didn't happen, so we're telling potentially impacted people about the bug. If you were potentially involved, we'll contact you today. We're sorry that this happened." 

In another tweet, the company emphasized that "this only involves potential interactions or Direct Messages you have have had with companies using Twitter for things like customer service. Your other DMs are not involved at all."

Twitter said it reached out to developer partners to make sure they delete any information they shouldn't have. 

"Our investigation is ongoing," Twitter said in the statement. "We will continue to provide updates with any relevant information."