Privacy bug exposed 93,788 protected Twitter accounts to snoopers

Twitter privacyTwitter has fixed an embarrassing bug that impacted 93,788 users of the service, who mistakenly believed that they had control over who could see their micro-blogging updates.

Although the vast majority of Twitter users post publicly, and allow the world and their dog to read their tweets, a small proportion of more privacy-concerned users have chosen to only allow trusted contacts to view their messages, and block access for everyone else.

Protected Twitter account

If you had a protected Twitter account, your tweets should only have been viewable and searchable by yourself and approved followers.

However, this weekend Twitter announced that it had fixed a vulnerability that "under rare circumstances", had allowed followers who had not been approved by Twitter users to receive so-called protected tweets via SMS and push notifications.

According to a brief blog post by Twitter, the privacy hole has been present since November 2013, and has exposed the updates of 93,788 accounts that Twitter users believed to be protected.

Twitter privacy bug

Twitter says it has removed all of the unapproved follows, and apologised to affected users:

While the scope of this bug was small in terms of affected users, that does not change the fact that this should not have happened. We’ve emailed each of these affected users to let them know about this bug and extend our whole-hearted apologies.

Twitter is right. This should never have happened.

Users have an expectation that sites like Twitter, which offer the option of private communication, will do what they claim rather than be found to have loopholes that allow unauthorised parties to snoop upon confidential discussions.

The vast majority of Twitter users may not be using the site in this way, but it's clear that some are - and their confidence will have been shaken by this latest revelation.

Tags: , ,

Subscribe to the free GCHQ newsletter

, ,

Special offers & deals

  • PureVPN - 85% off!

    PureVPN - 85% off!

    Make sure your personal data and online activity aren't exposed. Encrypt your internet traffic and cover your tracks with PureVPN. Works with your PCs, Macs, iPhones, Androids, routers, gaming consoles, and Smart TVs. Connect up to 5 devices at once at top speeds.
  • Password Boss Premium Version - 86% off!

    Password Boss Premium Version - 86% off!

    All you need to do is remember one master password, and Password Boss will do the rest - remembering all of your different online passwords securely. Security and peace of mind.

More deals...

Leave a reply

Be the first to comment!

Notify of