Slashdot Mirror


Twitter Notifies Developers About API Bug That Shared DMs With Wrong Developers (zdnet.com)

Twitter has started notifying developers today about an API bug that accidentally shared direct messages (private messages) or protected tweets from a Twitter business account with other developers. From a report: According to a support page published today, Twitter said the bug only manifested for Twitter business accounts where the account owner used the Account Activity API (AAAPI) to allow other developers access to that account's data. Because of the bug, the AAAPI sent DMs and protected tweets to the wrong person instead of the authorized developer. Twitter said it discovered the bug on September 10, and fixed it the same day. They also said the bug was active between May 2017 and September 2018, for almost 16 months. The bug represents a serious privacy issue, especially for Twitter business accounts that use DMs to handle customer complaints that in some cases may include private user information.

12 comments

  1. That explains it. by Anonymous Coward · · Score: 1

    I kept getting all these crazy ranting tweets from Donald Trump like every morning.

  2. Twitter accidents! by Anonymous Coward · · Score: 0

    We accidentally banned a bunch of conservatives.

    We accidentally shared your private messages.

    We accidentally made a profit.

    1. Re: Twitter accidents! by Anonymous Coward · · Score: 0

      But then I got high!

  3. The only bug... by Anonymous Coward · · Score: 0

    ... is that the DMs didn't get redirected to the right wrong people, but rather, to the wrong wrong people.

  4. Bugs like these often inserted on purpose by Anonymous Coward · · Score: 0

    usually after a court- and gag-order are served. It's often disguised in a way that looks unintentional, but still makes no sense when you wonder how it actually got there.

    Remember that SSL security bug that Apple put into macOS, where a single misplaced goto made no sense as accidental, but opened the computer wide for anyone aware of it, and which Apple stubbornly refused to fix for 10 months? That's what it looks like when court- and gag-orders are served.

    This is no different.

    1. Re:Bugs like these often inserted on purpose by Anonymous Coward · · Score: 0

      Is this how Linux will fall to the NSA and other friendly corporations like Google?

    2. Re:Bugs like these often inserted on purpose by Anonymous Coward · · Score: 0

      No, the CoC accomplished that.

      Do you really think Linus is coming back?

  5. Amateurs. by mujadaddy · · Score: 1

    Amateurs. Let the business world know that these clowns can't be trusted with serious matters.

    --
    Populus vult decipi, ergo decipiatur...
    "Force shits upon Reason's back." - Poor Richard's Almanac

  6. DMs? by Anonymous Coward · · Score: 0

    They're sharing dungeon masters?

    1. Re:DMs? by Anonymous Coward · · Score: 0

      They're sharing dungeon masters?

      No, they're sharing a Dominatrix, who has blue hair, black cat's eye glasses, and prefers the pronouns "xis" and "xir" on odd numbered days, and the pronouns "this" and "there" on even numbered days which have a 'y' in the name of the month.

  7. Improper Unit Testing by Anonymous Coward · · Score: 0

    This is why some training is good. If all you're told is to write tests you won't be writing good tests. Proper testing not only tests that A can access B when it's supposed to, it also tests that C can't access B as well. You need to test all cases, including complements and opposites.
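
The testing point raised in comment 7, as an added example that is not part of the original thread and is not Twitter's code: a hypothetical event router is checked over every (app, account) pair, so the pairs that must not deliver are tested alongside the ones that must. `ActivityRouter`, `LeakyRouter`, the app and account names, and the defect itself are all constructed for illustration; the page does not describe the actual cause of the bug.

```python
from itertools import product

class ActivityRouter:
    """Hypothetical router: forwards an account's events to apps its owner authorized."""
    def __init__(self):
        self._grants = {}   # account_id -> set of authorized app_ids
        self.outbox = []    # (app_id, account_id, event) deliveries

    def authorize(self, account_id, app_id):
        self._grants.setdefault(account_id, set()).add(app_id)

    def publish(self, account_id, event):
        for app_id in sorted(self._grants.get(account_id, ())):
            self.outbox.append((app_id, account_id, event))

    def received_by(self, app_id):
        return [(acct, ev) for app, acct, ev in self.outbox if app == app_id]

class LeakyRouter(ActivityRouter):
    """Constructed defect (not Twitter's actual bug): recipients ignore the account."""
    def publish(self, account_id, event):
        for app_id in sorted(set().union(*self._grants.values())):
            self.outbox.append((app_id, account_id, event))

def _run(router_cls, accounts, grants):
    router = router_cls()
    for account, app in grants:
        router.authorize(account, app)
    for account in accounts:
        router.publish(account, f"dm-for-{account}")
    return router

def positive_only_check(router_cls, accounts, grants):
    """'A can access B': every authorized app received its account's event."""
    router = _run(router_cls, accounts, grants)
    return all((acct, f"dm-for-{acct}") in router.received_by(app) for acct, app in grants)

def delivery_violations(router_cls, apps, accounts, grants):
    """Check every (app, account) pair, including the pairs that must NOT deliver."""
    router = _run(router_cls, accounts, grants)
    violations = []
    for app, acct in product(apps, accounts):
        got = (acct, f"dm-for-{acct}") in router.received_by(app)
        allowed = (acct, app) in grants
        if got != allowed:
            violations.append(("leak" if got else "missing", app, acct))
    return violations

# Constructed sample data: two apps, two accounts, one grant each.
APPS = ["app_a", "app_c"]
ACCOUNTS = ["acct_b", "acct_d"]
GRANTS = {("acct_b", "app_a"), ("acct_d", "app_c")}
```

The positive-only check passes for both routers; only the full pair matrix reports the two cross-account deliveries made by `LeakyRouter`.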