New bug discovered on Twitter that allowed third-party developers to see private messages exchanged by users with support services
A new bug has been discovered in the popular social network Twitter. Due to a flaw in the private message management system, some third-party developers were able to read private messages exchanged between users without the necessary authorization.
The bug was found in Twitter’s Account Activity API, the system that allows third-party developers to create internal communication tools for the social network. Typically, developers have access to some of users’ real-time public data but should not have access to private messages. Because of the security flaw, however, users’ private messages were also included in the package of information and were handed without permission to those developers outside the social network. The bug does not affect conversations between two private users, only those of users who used the social network to contact a company’s customer support page. So the private messages that have become “public” are those related to the use of customer care services on Twitter.
New security bug for Twitter
Twitter has stated, however, that there is no evidence that user messages intended for a customer care service accidentally ended up with third-party developers. The bug was discovered on September 10 and it took Twitter about two weeks to fix it, even though the flaw had most likely been present since May 2017. According to the report, only 1 percent of messages sent using Twitter’s Account Activity API may have experienced a sending error, arriving not at customer service but at another person. People affected by the security flaw were promptly notified via pop-up notification by the social network’s developers. Developers who received information from accounts that do not belong to them have been asked by Twitter to delete any data in order to avoid legal repercussions.