Twitter exposed private user tweets for five years

18 Jan 2019

#BugAlert: Twitter 'accidentally' made protected tweets public for five years

After Facebook, Twitter appears to be the one battling with security issues.

No, the platform has not been hacked (yet), but it has been marred by multiple data-risking bugs.

Just a few weeks ago, we witnessed a weird 'number-spoofing bug', and now, the microblogging site has acknowledged another vulnerability, one that exposed 'protected' tweets for about five years.

Here's more about it.

Private tweets

First up, you should know about protected tweets

If you have been using Twitter for a while, you would know that the platform offers a way to keep tweets protected.

Normally, your tweets stay public, but if you select an option called 'Protect your Tweets' in settings, the posts are visible to only your followers and the people you approve of.

This was the feature compromised by the bug.

Bug details

So, how did Twitter expose these private tweets?

The vulnerability automatically disabled the 'Protect your Tweets' option for a number of people using Twitter for Android.

It was triggered whenever these users made certain account-related changes through the mobile app, such as switching the email address associated with the account.

Their private tweets were exposed without any approval or even notice.

Twitter's work

How many users have been impacted?

The bug existed on the platform for about five years and was fixed on January 14, Twitter said in its apology for the issue.

The company noted that any user who made account changes through the app during this period (and had protected tweets turned on) may have been impacted.

However, it did not give any insight into the true scale of the issue.

Recommendation

Full review underway, but it is recommended to check settings

Twitter is conducting a review of the incident but has assured that iOS and web users were not affected.

"We've informed people we know were affected by this issue and have turned 'Protect your Tweets' back on for them if it was disabled," the company said, noting it can't confirm every account that may have been impacted. "We're very sorry this happened."

Most asked questions

How to check if this setting is on?

Asked 2019-01-18 11:22:33 by Surabhi Mehra

Answered by NewsBytes

To check, go to Twitter settings on Android and then tap on 'Privacy and security'. The first option on the page would be for enabling/disabling protected tweets.

Did this bug leak any data?

Asked 2019-01-18 11:22:33 by Vishal Powar

Answered by NewsBytes

No, the bug in question only exposed private tweets.

What was the phone number spoofing bug?

Asked 2019-01-18 11:22:33 by Ishan Sengupta

Answered by NewsBytes

In that bug, people were able to spoof account-associated phone numbers to take control of Twitter accounts and post tweets.

Are there any other bugs?

Asked 2019-01-18 11:22:33 by Aanya Lobo

Answered by NewsBytes

As of now, Twitter has not revealed any other bug associated with user account security or any other problem.
