Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year
Sep 22, 2018
The security and privacy issues with APIs and third-party app developers are something that's not just Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren't supposed to get them, Twitter disclosed in its Developer Blog on Friday. What Happened? Twitter found a bug in its Account Activity API (AAAPI), which is used by registered developers to build tools to support business communications with their customers, and the bug could have exposed those customers' interactions. The Twitter AAAPI bug was present for more than a year—from May 2017 until September 10—when the microblogging platform discovered the issue and patched it "within hours of discovering it." In other words, the bug was active on the platform for almost 16 months. "If you interacted with an account or business on Twitter that relied on a developer