Twitter Android App Bug Revealed Private Tweets Spanning Five Years

Hack News

Latest Hacker News and IT Security News

News

Twitter Android App Bug Revealed Private Tweets Spanning Five Years

Social media giant Twitter has just announced a bug fix that has been affecting users of its Android App. However, the details of this bug have left some users concerned at the length of time before it was fixed.

Bug Details

According to Twitter, the bug accidentally changed the visibility of protected tweets. Instead of them being private, these tweets were switched to public. The social media company stated that not all users have been affected by this bug, but it has affected peoples tweets over a five year period.

Twitter stated that the only users affected were those that:

  • Have been using the Twitter Android App
  • Enabled the “Protect Your Tweets” option in the settings
  • Have changed their email address between 3rd November 2014, and 14th January 2019

It is also thought that anyone who changed their email from an Android client within this time period, might also be affected. This is even if they don’t routinely use the Android App.

Notifying Those Affected

Twitter has stated that they have notified all those affected by this bug. It has also reset the “Protect Your Tweets” setting to stop tweets showing up in search engines, and non-followers.

The company hasn’t stated how it found the bug. It has also published a help page to give users more information. Twitter engineers say they cannot identify all those affected, so the page will help users unsure if they are affected.

Twitter Statement

In a statement from the social media company, they said: “We recognize and appreciate the trust you place in us.” They also went on to say that: “We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”

This is the second bug that has affected Twitter in the past twelve months. In September 2018, its Account Activity API (AAAPI) sent users private messages to the wrong app developers.

 

Comment here