Twitter sent out an alarming message to its users today that informed them about a critical API bug. The bug may have led to a data leak by allowing developers on the platform access to direct messages of users with protected accounts.
The data leak was unintentional and was first identified by Twitter on September 10. The bug has already been patched, but the extent to which private messages have been seen by partnered developers is unknown. The social media platform went into detail on the bug today, explaining that the flaw may have allowed data to be sent to the webhook URLs of the wrong developers.
Twitter told users in its blog post: “Our team has been working diligently with our most active enterprise data customers and partners who have access to this API to evaluate if they were impacted. Through our work so far, and the information made available to us by our partners, we can confirm that the bug did not affect any of the partners or customers with whom we have completed our review.”
Several conditions had to hold at the same time for data to be shared with the wrong developer. Two or more developers registered on the Twitter API platform had to have API subscriptions tied to the same public IP, and the URL paths had to match exactly across those IPs. The information would also have to originate from the same server located in the social media giant’s data center. All of these factors combined make it nearly impossible that any personal data was seen by any of the developers.
Twitter has not found any evidence of a data breach. However, an investigation is still ongoing to fully assess whether any data was leaked at all. The social media platform has been dragged into controversy a lot lately over its ineffectiveness at dealing with fake news and hate speech. The microblogging platform has been actively trying to offer a better experience for users.