Privacy bug exposed 93,788 protected Twitter accounts to snoopers


Twitter has fixed an embarrassing bug that impacted 93,788 users of the service, who mistakenly believed that they had control over who could see their micro-blogging updates.

Although the vast majority of Twitter users post publicly, and allow the world and their dog to read their tweets, a small proportion of more privacy-concerned users have chosen to only allow trusted contacts to view their messages, and block access for everyone else.

If you had a protected Twitter account, your tweets should only have been viewable and searchable by yourself and approved followers.

However, this weekend Twitter announced that it had fixed a vulnerability that, “under rare circumstances”, had allowed followers who had not been approved by Twitter users to receive so-called protected tweets via SMS and push notifications.

According to a brief blog post by Twitter, the privacy hole has been present since November 2013, and has exposed the updates of 93,788 accounts that Twitter users believed to be protected.

Twitter says it has removed all of the unapproved follows, and apologised to affected users:

While the scope of this bug was small in terms of affected users, that does not change the fact that this should not have happened. We’ve emailed each of these affected users to let them know about this bug and extend our whole-hearted apologies.

Twitter is right. This should never have happened.

Users have an expectation that sites like Twitter, which offer the option of private communication, will do what they claim rather than be found to have loopholes that allow unauthorised parties to snoop upon confidential discussions.

The vast majority of Twitter users may not be using the site in this way, but it’s clear that some are - and their confidence will have been shaken by this latest revelation.
